help! i might be infected with remote access trojan


  • This topic is locked
10 replies to this topic

#1 filterfilter

filterfilter

  • Members
  • 16 posts

Posted 05 August 2014 - 11:30 PM

Hello, I already had one topic but I have several problems again. I'm not sure, but I think I'm infected with a remote access trojan; sometimes my browser is closing or changing to other sites.

 

dds.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.67.2
Run by Aslan at 6:20:27 on 2014-08-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.1267 [GMT 2:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvservice.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\NIS.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mDefault_Page_URL = hxxp://www.google.com
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\coieplg.dll
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{72202552-E58E-40DF-8B85-6AC6747339DB} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{9C4AEFBD-5121-42B2-B984-20E55DEBC68E} : DHCPNameServer = 192.168.178.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\CoIEPlg.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\CoIEPlg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.4.0.13\coieplg.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-6-17 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys [2014-8-3 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys [2014-8-3 1148120]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-6-17 242968]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [2014-8-5 1530160]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys [2014-8-3 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [2014-8-3 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140805.001\IDSviA64.sys [2014-8-6 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys [2014-8-3 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys [2014-8-3 593112]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-7-10 3244048]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-7-10 289328]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-1 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-1 860472]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [2014-8-3 130104]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.4.0.13\nis.exe [2014-8-3 276376]
R2 nvservice;NVIDIA GuardService;C:\Windows\System32\nvservice.exe [2014-4-2 192800]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-16 378984]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2014-7-14 2253112]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\Windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-4-2 2656280]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\Windows\System32\drivers\btfilter.sys [2014-4-2 42096]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-8-3 142128]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-1 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-1 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-1 63704]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2014-4-2 38096]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-20 822704]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2014-6-23 14112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 cmntnet;Wireless Data Device USB Ethernet Driver;C:\Windows\System32\drivers\cmntnet.sys [2014-4-5 141824]
S3 cmnuusbser;Mobile Connector USB Device for Serial Communication Device;C:\Windows\System32\drivers\cmnuusbser.sys [2014-4-5 123904]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-20 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-4-2 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2014-4-2 307304]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-3 59392]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2014-4-2 57216]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-3-2 266680]
S4 WTGService;WTGService;C:\Program Files (x86)\XSManager\WTGService.exe [2014-4-5 329848]
.
=============== Created Last 30 ================
.
2014-08-06 04:11:19    --------    d-----w-    C:\Program Files (x86)\Cobian Backup 11
2014-08-06 03:46:27    --------    d-----w-    C:\Users\Aslan\CD95F661A5C444F5A6AAECDD91C240E3.TMP
2014-08-05 22:24:43    --------    d-----w-    C:\Users\Aslan\AppData\Local\Skype
2014-08-05 22:23:39    --------    d-----r-    C:\Program Files (x86)\Skype
2014-08-05 22:12:33    --------    d-----w-    C:\Users\Aslan\AppData\Local\ElevatedDiagnostics
2014-08-05 21:53:38    40248    ----a-w-    C:\Windows\System32\TURegOpt.exe
2014-08-05 21:53:34    29496    ----a-w-    C:\Windows\System32\authuitu.dll
2014-08-05 21:53:31    25400    ----a-w-    C:\Windows\SysWow64\authuitu.dll
2014-08-05 21:52:52    --------    d-----w-    C:\Users\Aslan\AppData\Roaming\AVG
2014-08-05 21:52:52    --------    d-----w-    C:\Users\Aslan\AppData\Local\AVG
2014-08-05 21:51:00    --------    d-sh--w-    C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 21:50:51    --------    d-----w-    C:\ProgramData\AVG
2014-08-05 20:42:54    --------    d-----w-    C:\Users\Aslan\AppData\Roaming\AVG2014
2014-08-05 20:42:13    --------    d-----w-    C:\Users\Aslan\AppData\Roaming\TuneUp Software
2014-08-05 20:41:31    --------    d--h--w-    C:\$AVG
2014-08-05 20:41:31    --------    d-----w-    C:\ProgramData\AVG2014
2014-08-05 20:40:36    --------    d-----w-    C:\Program Files (x86)\AVG
2014-08-05 20:31:42    --------    d--h--w-    C:\ProgramData\Common Files
2014-08-05 20:31:42    --------    d-----w-    C:\Users\Aslan\AppData\Local\MFAData
2014-08-05 20:31:42    --------    d-----w-    C:\Users\Aslan\AppData\Local\Avg2014
2014-08-05 20:31:42    --------    d-----w-    C:\ProgramData\MFAData
2014-08-05 19:16:21    --------    d-----w-    C:\Users\Aslan\AppData\Roaming\Xfire
2014-08-05 19:16:15    --------    d-----w-    C:\ProgramData\Xfire
2014-08-05 19:16:12    --------    d-----w-    C:\Program Files (x86)\Xfire
2014-08-04 19:52:25    --------    d-----w-    C:\ProgramData\Oracle
2014-08-04 19:51:32    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-04 19:45:54    --------    d-----w-    C:\Users\Aslan\AppData\Roaming\WinPatrol
2014-08-04 19:45:44    --------    d-----w-    C:\ProgramData\InstallMate
2014-08-04 19:45:44    --------    d-----w-    C:\Program Files (x86)\Ruiware
2014-08-03 18:58:46    593112    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symnets.sys
2014-08-03 18:58:45    875736    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\srtsp64.sys
2014-08-03 18:58:45    493656    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symds64.sys
2014-08-03 18:58:45    36952    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\srtspx64.sys
2014-08-03 18:58:45    264280    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\ironx64.sys
2014-08-03 18:58:45    23568    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symelam.sys
2014-08-03 18:58:45    162392    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\ccsetx64.sys
2014-08-03 18:58:45    1148120    ----a-r-    C:\Windows\System32\drivers\NISx64\1504000.00D\symefa64.sys
2014-08-03 18:58:25    --------    d-----w-    C:\Windows\System32\drivers\NISx64\1504000.00D
2014-08-03 11:57:20    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-08-03 11:57:20    --------    d-----w-    C:\Program Files\Common Files\Symantec Shared
2014-08-03 11:56:20    --------    d-----w-    C:\Windows\System32\drivers\NISx64
2014-08-03 11:56:18    --------    d-----w-    C:\Program Files (x86)\Norton Internet Security
2014-08-03 11:00:48    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-08-03 11:00:43    10924376    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F57F30D-ABCD-481F-9EFF-4097C074ED73}\mpengine.dll
2014-08-03 10:53:23    162392    ----a-r-    C:\Windows\System32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys
2014-08-03 10:53:16    --------    d-----w-    C:\Windows\System32\drivers\NSTx64\7DE07030.00C
2014-08-03 10:53:16    --------    d-----w-    C:\Windows\System32\drivers\NSTx64
2014-08-03 10:53:15    --------    d-----w-    C:\Program Files (x86)\Norton Identity Safe
2014-08-01 15:29:24    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-08-01 10:41:48    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-08-01 10:41:48    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-08-01 10:41:48    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 10:41:33    --------    d-----w-    C:\Users\Aslan\AppData\Local\Programs
2014-08-01 09:33:01    --------    d-----w-    C:\Windows\ERUNT
2014-08-01 01:54:31    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-08-01 00:16:52    --------    d-s---w-    C:\Windows\System32\CompatTel
2014-07-31 22:36:35    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-07-31 22:36:30    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-31 22:36:30    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-31 22:36:01    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-31 17:25:54    519168    ----a-w-    C:\Windows\System32\aepdu.dll
2014-07-31 17:25:54    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-07-31 16:01:39    --------    d-----w-    C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 16:01:36    --------    d-----w-    C:\ProgramData\Nico Mak Computing
2014-07-31 16:01:35    20480    ----a-w-    C:\Windows\System32\wsusnative64.exe
2014-07-31 12:49:05    --------    d-----w-    C:\ProgramData\F-Secure
2014-07-31 01:31:48    --------    d-sh--w-    C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 01:31:48    --------    d-sh--w-    C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-20 04:06:26    1719296    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-18 16:20:41    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-07-18 16:20:41    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-07-18 16:20:41    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-07-18 16:20:17    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-07-18 16:20:16    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-07-18 16:20:16    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
.
==================== Find3M  ====================
.
2014-07-23 08:52:00    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-07-18 18:09:12    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-18 18:09:12    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-30 10:43:02    152344    ----a-w-    C:\Windows\System32\drivers\avgdiska.sys
2014-06-19 01:06:55    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-17 14:21:34    235800    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 14:07:12    328984    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2014-06-17 14:06:58    269080    ----a-w-    C:\Windows\System32\drivers\avgtdia.sys
2014-06-17 14:06:24    190744    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2014-06-17 14:06:22    242968    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2014-06-17 14:06:20    123672    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2014-06-17 14:06:06    31512    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2014-05-30 08:08:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
.
============= FINISH:  6:21:28,32 ===============
 

 

 



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 06 August 2014 - 10:14 AM

Please run the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

NEXT


Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 filterfilter

filterfilter
  • Topic Starter

  • Members
  • 16 posts

Posted 06 August 2014 - 11:26 AM

Hello,
 
This is the FRST log.
 
Frst
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Aslan (administrator) on ASLAN-PC on 06-08-2014 18:07:20
Running from C:\Users\Aslan\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvservice.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-2081452760-1846932682-3364742643-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF5ECE37B334FCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {F08402EE-1C6C-4533-9731-95F8F4C295AC} URL = https://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Aslan\AppData\Roaming\Mozilla\Firefox\Profiles\7j8ofo4q.default-1406820187372\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-31]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.3.12\coFFPlgn [2014-08-06]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Docs) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google-Suche) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (Norton Identity Protection) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-04-05]
CHR Extension: (Shopping Helper) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2014-06-27]
CHR Extension: (Google Wallet) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Google Mail) - C:\Users\Aslan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\Exts\Chrome.crx [2014-08-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation)
R2 nvservice; C:\Windows\system32\nvservice.exe [192800 2013-02-04] (NVIDIA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2253112 2014-07-14] (AVG)
S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329848 2012-11-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 cmntnet; C:\Windows\System32\DRIVERS\cmntnet.sys [141824 2014-04-05] (Wireless Data Device)
S3 cmnuusbser; C:\Windows\System32\DRIVERS\cmnuusbser.sys [123904 2014-04-05] (Wireless Device)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 18:07 - 2014-08-06 18:07 - 00016533 _____ () C:\Users\Aslan\Desktop\FRST.txt
2014-08-06 18:07 - 2014-08-06 18:07 - 00000000 ____D () C:\FRST
2014-08-06 18:06 - 2014-08-06 18:06 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe
2014-08-06 17:55 - 2014-08-06 17:56 - 00292200 _____ () C:\Windows\Minidump\080614-46347-01.dmp
2014-08-06 06:21 - 2014-08-06 06:21 - 00025377 _____ () C:\Users\Aslan\Desktop\dds.txt
2014-08-06 06:21 - 2014-08-06 06:21 - 00003019 _____ () C:\Users\Aslan\Desktop\attach.txt
2014-08-06 06:18 - 2014-08-06 06:18 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com
2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-08-06 06:10 - 2014-08-06 06:10 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup.exe
2014-08-06 05:46 - 2014-08-06 05:46 - 00000000 ____D () C:\Users\Aslan\CD95F661A5C444F5A6AAECDD91C240E3.TMP
2014-08-06 05:44 - 2014-08-06 05:45 - 58807808 _____ () C:\Users\Aslan\Downloads\wz185gev-64.msi
2014-08-06 04:50 - 2014-08-06 04:50 - 00000000 ____H () C:\Users\Aslan\Documents\Default.rdp
2014-08-06 02:54 - 2014-08-06 02:54 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-08-06 00:24 - 2014-08-06 01:08 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Skype
2014-08-06 00:24 - 2014-08-06 00:24 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Skype
2014-08-06 00:23 - 2014-08-06 00:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-06 00:23 - 2014-08-06 00:24 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 00:23 - 2014-08-06 00:23 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-06 00:23 - 2014-08-06 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-06 00:02 - 2014-08-06 00:02 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-08-05 23:53 - 2014-08-05 23:53 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 23:53 - 2014-08-05 23:53 - 00002205 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-08-05 23:53 - 2014-08-05 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 23:53 - 2014-07-14 12:26 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-08-05 23:53 - 2014-07-14 12:26 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-08-05 23:53 - 2014-07-14 12:26 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG
2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Local\AVG
2014-08-05 23:51 - 2014-08-06 00:01 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 23:50 - 2014-08-05 23:53 - 00000000 ____D () C:\ProgramData\AVG
2014-08-05 23:41 - 2014-08-05 23:42 - 77159736 _____ (AVG) C:\Users\Aslan\Downloads\avg_tuh_stf_all_2014_519_24c4.exe
2014-08-05 22:42 - 2014-08-05 22:42 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\TuneUp Software
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG2014
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-05 22:41 - 2014-08-05 22:42 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-05 22:41 - 2014-08-05 22:41 - 00000000 ___HD () C:\$AVG
2014-08-05 22:40 - 2014-08-05 23:52 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-05 22:31 - 2014-08-06 16:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-05 22:31 - 2014-08-05 22:48 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Avg2014
2014-08-05 22:31 - 2014-08-05 22:31 - 04755928 _____ (AVG Technologies) C:\Users\Aslan\Downloads\avg_avct_stb_all_2014_4744_comppg_23.exe
2014-08-05 22:31 - 2014-08-05 22:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\MFAData
2014-08-05 21:16 - 2014-08-05 21:32 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Xfire
2014-08-05 21:16 - 2014-08-05 21:19 - 00000000 ____D () C:\ProgramData\Xfire
2014-08-05 21:16 - 2014-08-05 21:16 - 00000963 _____ () C:\Users\Public\Desktop\Xfire.lnk
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\Program Files (x86)\Xfire
2014-08-05 21:15 - 2014-08-05 21:15 - 09714821 _____ () C:\Users\Aslan\Downloads\xfire_installer_46139.exe
2014-08-04 21:54 - 2014-08-04 21:55 - 00538220 _____ () C:\Users\Aslan\Desktop\noscript-2.6.8.36.xpi.zip
2014-08-04 21:52 - 2014-08-04 21:52 - 00526323 _____ () C:\Users\Aslan\Desktop\web_of_trust_wot-20131118-fx.zip
2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Sun
2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-04 21:52 - 2014-08-04 21:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-04 21:49 - 2014-08-04 21:49 - 00918952 _____ (Oracle Corporation) C:\Users\Aslan\Downloads\jxpiinstall.exe
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\WinPatrol
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-08-04 21:44 - 2014-08-04 21:44 - 01156136 _____ (Ruiware) C:\Users\Aslan\Downloads\wpsetup.exe
2014-08-03 21:32 - 2014-08-03 21:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-08-03 13:59 - 2014-08-03 13:59 - 00000000 ____D () C:\Users\Aslan\Documents\Symantec
2014-08-03 13:53 - 2014-08-03 13:55 - 281672840 ____N (Symantec Corporation) C:\Users\Aslan\Downloads\NIS-ESD-21.3.0-GE.exe
2014-08-03 12:53 - 2014-08-03 12:53 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.lnk
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 17:31 - 2014-08-04 11:12 - 00001233 _____ () C:\DelFix.txt
2014-08-01 14:25 - 2014-08-01 14:26 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp
2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37}
2014-08-01 12:41 - 2014-08-03 03:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 12:41 - 2014-08-02 21:32 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 12:41 - 2014-08-02 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 12:41 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-01 12:41 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 11:33 - 2014-08-01 17:31 - 00000000 ____D () C:\Windows\ERUNT
2014-08-01 09:59 - 2014-08-01 10:10 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 03:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-01 00:36 - 2014-08-06 18:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 00:36 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 00:36 - 2014-08-01 02:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-01 00:36 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 23:29 - 2014-08-01 17:32 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-07-31 22:45 - 2014-08-05 02:27 - 00002334 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-07-31 19:25 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-31 19:25 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-31 19:24 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-31 19:24 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-08-01 03:47 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 18:01 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:47 - 2014-08-01 14:22 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-07-31 17:31 - 2014-07-31 17:41 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:22 - 2014-07-31 17:23 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 06:06 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-20 06:06 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-20 06:06 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-20 06:06 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-20 06:06 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-20 06:06 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-20 06:06 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-20 06:06 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-20 06:06 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-20 06:06 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-20 06:06 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-20 06:06 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-20 06:06 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-20 06:06 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-20 06:06 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-20 06:06 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-20 06:06 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-20 06:06 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-20 06:06 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-20 06:06 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-20 06:06 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-20 06:06 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-20 06:06 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-20 06:06 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-20 06:06 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-20 06:06 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-20 06:06 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-20 06:06 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-20 06:06 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-20 06:06 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-20 06:06 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-20 06:06 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-20 06:06 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-20 06:06 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-20 06:06 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-20 06:06 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 18:20 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-18 18:20 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-18 18:20 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-18 18:20 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-18 18:20 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-18 18:20 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-06 18:07 - 2014-08-06 18:07 - 00016533 _____ () C:\Users\Aslan\Desktop\FRST.txt
2014-08-06 18:07 - 2014-08-06 18:07 - 00000000 ____D () C:\FRST
2014-08-06 18:06 - 2014-08-06 18:06 - 02094080 _____ (Farbar) C:\Users\Aslan\Desktop\FRST64.exe
2014-08-06 18:06 - 2014-08-01 00:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 18:04 - 2014-04-05 18:27 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 18:04 - 2014-04-02 17:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-06 18:03 - 2014-04-03 20:41 - 00000000 ____D () C:\ProgramData\Norton
2014-08-06 18:03 - 2014-04-02 17:17 - 01309270 _____ () C:\Windows\PFRO.log
2014-08-06 18:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-06 18:03 - 2009-07-14 06:51 - 00036914 _____ () C:\Windows\setupact.log
2014-08-06 18:02 - 2014-04-02 14:53 - 01102563 _____ () C:\Windows\WindowsUpdate.log
2014-08-06 18:02 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-06 18:02 - 2009-07-14 06:45 - 00014912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-06 17:56 - 2014-08-06 17:55 - 00292200 _____ () C:\Windows\Minidump\080614-46347-01.dmp
2014-08-06 17:55 - 2014-04-05 17:50 - 513888428 _____ () C:\Windows\MEMORY.DMP
2014-08-06 17:55 - 2014-04-05 17:50 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 17:13 - 2014-04-05 18:28 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-06 17:09 - 2014-04-05 18:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-06 16:11 - 2014-08-05 22:31 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-06 06:21 - 2014-08-06 06:21 - 00025377 _____ () C:\Users\Aslan\Desktop\dds.txt
2014-08-06 06:21 - 2014-08-06 06:21 - 00003019 _____ () C:\Users\Aslan\Desktop\attach.txt
2014-08-06 06:18 - 2014-08-06 06:18 - 00688992 ____R (Swearware) C:\Users\Aslan\Desktop\dds.com
2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-08-06 06:11 - 2014-08-06 06:11 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-08-06 06:10 - 2014-08-06 06:10 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup.exe
2014-08-06 05:46 - 2014-08-06 05:46 - 00000000 ____D () C:\Users\Aslan\CD95F661A5C444F5A6AAECDD91C240E3.TMP
2014-08-06 05:46 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan
2014-08-06 05:45 - 2014-08-06 05:44 - 58807808 _____ () C:\Users\Aslan\Downloads\wz185gev-64.msi
2014-08-06 04:50 - 2014-08-06 04:50 - 00000000 ____H () C:\Users\Aslan\Documents\Default.rdp
2014-08-06 02:54 - 2014-08-06 02:54 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2014-08-06 01:08 - 2014-08-06 00:24 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Skype
2014-08-06 01:04 - 2014-04-23 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2014-08-06 00:25 - 2014-08-06 00:23 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-06 00:24 - 2014-08-06 00:24 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Skype
2014-08-06 00:24 - 2014-08-06 00:23 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 00:23 - 2014-08-06 00:23 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-08-06 00:23 - 2014-08-06 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-06 00:02 - 2014-08-06 00:02 - 00003704 _____ () C:\Windows\System32\Tasks\Java Update Scheduler
2014-08-06 00:01 - 2014-08-05 23:51 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-05 23:53 - 2014-08-05 23:53 - 00002217 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2014-08-05 23:53 - 2014-08-05 23:53 - 00002205 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2014-08-05 23:53 - 2014-08-05 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2014-08-05 23:53 - 2014-08-05 23:50 - 00000000 ____D () C:\ProgramData\AVG
2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG
2014-08-05 23:52 - 2014-08-05 23:52 - 00000000 ____D () C:\Users\Aslan\AppData\Local\AVG
2014-08-05 23:52 - 2014-08-05 22:40 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-05 23:42 - 2014-08-05 23:41 - 77159736 _____ (AVG) C:\Users\Aslan\Downloads\avg_tuh_stf_all_2014_519_24c4.exe
2014-08-05 22:48 - 2014-08-05 22:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\Avg2014
2014-08-05 22:42 - 2014-08-05 22:42 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\TuneUp Software
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\AVG2014
2014-08-05 22:42 - 2014-08-05 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-05 22:42 - 2014-08-05 22:41 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-05 22:41 - 2014-08-05 22:41 - 00000000 ___HD () C:\$AVG
2014-08-05 22:31 - 2014-08-05 22:31 - 04755928 _____ (AVG Technologies) C:\Users\Aslan\Downloads\avg_avct_stb_all_2014_4744_comppg_23.exe
2014-08-05 22:31 - 2014-08-05 22:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\MFAData
2014-08-05 21:32 - 2014-08-05 21:16 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Xfire
2014-08-05 21:29 - 2014-04-03 19:38 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-08-05 21:19 - 2014-08-05 21:16 - 00000000 ____D () C:\ProgramData\Xfire
2014-08-05 21:16 - 2014-08-05 21:16 - 00000963 _____ () C:\Users\Public\Desktop\Xfire.lnk
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\Program Files (x86)\Xfire
2014-08-05 21:15 - 2014-08-05 21:15 - 09714821 _____ () C:\Users\Aslan\Downloads\xfire_installer_46139.exe
2014-08-05 02:27 - 2014-07-31 22:45 - 00002334 _____ () C:\Users\Aslan\Desktop\Neues Textdokument (2).txt
2014-08-04 21:55 - 2014-08-04 21:54 - 00538220 _____ () C:\Users\Aslan\Desktop\noscript-2.6.8.36.xpi.zip
2014-08-04 21:52 - 2014-08-04 21:52 - 00526323 _____ () C:\Users\Aslan\Desktop\web_of_trust_wot-20131118-fx.zip
2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Sun
2014-08-04 21:52 - 2014-08-04 21:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-04 21:51 - 2014-08-04 21:52 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-04 21:51 - 2014-08-04 21:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-04 21:51 - 2014-08-04 21:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-04 21:49 - 2014-08-04 21:49 - 00918952 _____ (Oracle Corporation) C:\Users\Aslan\Downloads\jxpiinstall.exe
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\WinPatrol
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\ProgramData\InstallMate
2014-08-04 21:45 - 2014-08-04 21:45 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-08-04 21:44 - 2014-08-04 21:44 - 01156136 _____ (Ruiware) C:\Users\Aslan\Downloads\wpsetup.exe
2014-08-04 11:12 - 2014-08-01 17:31 - 00001233 _____ () C:\DelFix.txt
2014-08-03 21:32 - 2014-08-03 21:32 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
2014-08-03 13:59 - 2014-08-03 13:59 - 00000000 ____D () C:\Users\Aslan\Documents\Symantec
2014-08-03 13:55 - 2014-08-03 13:53 - 281672840 ____N (Symantec Corporation) C:\Users\Aslan\Downloads\NIS-ESD-21.3.0-GE.exe
2014-08-03 12:53 - 2014-08-03 12:53 - 00002529 _____ () C:\Users\Public\Desktop\Norton Identity Safe.lnk
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Windows\system32\Drivers\NSTx64
2014-08-03 12:53 - 2014-08-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Norton Identity Safe
2014-08-03 03:43 - 2014-08-01 12:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-02 21:32 - 2014-08-01 12:41 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-02 21:32 - 2014-08-01 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-02 21:31 - 2014-08-02 21:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-01 17:32 - 2014-07-31 23:29 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner (2)
2014-08-01 17:32 - 2014-05-14 13:40 - 00000000 ____D () C:\Users\Aslan\Desktop\Neuer Ordner
2014-08-01 17:31 - 2014-08-01 11:33 - 00000000 ____D () C:\Windows\ERUNT
2014-08-01 15:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-01 14:26 - 2014-08-01 14:25 - 00288240 _____ () C:\Windows\Minidump\080114-48672-01.dmp
2014-08-01 14:22 - 2014-07-31 17:47 - 00000000 ____D () C:\Users\Aslan\Downloads\backups
2014-08-01 13:50 - 2014-08-01 13:50 - 00003256 _____ () C:\Windows\System32\Tasks\{CAAF69B9-C0CB-42E3-A3C8-407A55791B37}
2014-08-01 12:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-08-01 12:41 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 12:40 - 2014-08-01 12:40 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Aslan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-01 10:11 - 2014-04-23 08:44 - 00000000 ____D () C:\Users\dub_cm_auto
2014-08-01 10:10 - 2014-08-01 09:59 - 00000000 ____D () C:\Windows\erdnt
2014-08-01 03:47 - 2014-07-31 18:01 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-01 02:40 - 2014-08-01 00:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-01 02:16 - 2014-08-01 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-01 02:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-01 00:26 - 2014-08-01 00:26 - 00292200 _____ () C:\Windows\Minidump\080114-35677-01.dmp
2014-08-01 00:03 - 2014-08-01 00:03 - 00380416 _____ () C:\Users\Aslan\Downloads\Gmer-19357.exe
2014-07-31 23:52 - 2014-07-31 23:52 - 00000000 _____ () C:\Users\Aslan\defogger_reenable
2014-07-31 19:18 - 2014-04-23 15:05 - 00000000 ____D () C:\Program Files (x86)\City Interactive
2014-07-31 19:17 - 2014-04-23 15:05 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\City Interactive
2014-07-31 19:05 - 2014-07-31 19:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Aslan\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-31 18:27 - 2014-07-31 18:27 - 15492608 _____ (Luis Cobian, CobianSoft) C:\Users\Aslan\Downloads\cbSetup10.exe
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\Users\Aslan\AppData\Roaming\Nico Mak Computing
2014-07-31 18:01 - 2014-07-31 18:01 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-07-31 17:58 - 2014-07-31 17:58 - 00000000 ____D () C:\Users\Aslan\Desktop\backups
2014-07-31 17:49 - 2014-04-06 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 17:41 - 2014-07-31 17:31 - 00916010 _____ () C:\Users\Aslan\Downloads\Titanium_Maximum_Security_2014.exe.part
2014-07-31 17:36 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-31 17:33 - 2014-04-02 15:31 - 00000000 ____D () C:\Users\Aslan\AppData\Local\VirtualStore
2014-07-31 17:23 - 2014-07-31 17:22 - 00000000 ____D () C:\Users\Aslan\Desktop\Alte Firefox-Daten
2014-07-31 16:06 - 2014-04-06 11:03 - 00000000 ____D () C:\Users\Aslan\AppData\Local\CrashDumps
2014-07-31 14:50 - 2014-07-31 14:50 - 00779704 _____ (Symantec) C:\Users\Aslan\Downloads\Setup.exe
2014-07-31 14:49 - 2014-07-31 14:49 - 00000000 ____D () C:\ProgramData\F-Secure
2014-07-31 14:48 - 2014-07-31 14:48 - 05124208 _____ (F-Secure Corporation) C:\Users\Aslan\Downloads\F-SecureOnlineScanner-HC.exe
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieUserList
2014-07-31 03:31 - 2014-07-31 03:31 - 00000000 __SHD () C:\Users\Aslan\AppData\Local\EmieSiteList
2014-07-31 00:40 - 2014-07-31 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 10:52 - 2014-04-02 17:16 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-21 06:56 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-20 06:01 - 2014-04-02 19:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-20 06:00 - 2014-04-02 19:46 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-19 14:00 - 2014-04-03 20:41 - 00002420 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate.lnk
2014-07-19 13:17 - 2014-04-05 18:28 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-18 21:28 - 2014-07-18 21:28 - 00027972 _____ () C:\Users\Aslan\Downloads\476e3c2e0294986a554456f1da6f386b.dlc
2014-07-18 20:09 - 2014-04-05 18:27 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-18 20:09 - 2014-04-05 18:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-18 20:09 - 2014-04-05 18:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-14 12:26 - 2014-08-05 23:53 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2014-07-14 12:26 - 2014-08-05 23:53 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2014-07-14 12:26 - 2014-08-05 23:53 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll

Some content of TEMP:
====================
C:\Users\Aslan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-15 20:40

==================== End Of Log ============================
 
this is the aswMBR log
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-08-06 18:10:27
-----------------------------
18:10:27.350    OS Version: Windows x64 6.1.7601 Service Pack 1
18:10:27.350    Number of processors: 8 586 0x2A07
18:10:27.351    ComputerName: ASLAN-PC  UserName: Aslan
18:10:28.455    Initialize success
18:10:28.501    VM: initialized successfully
18:10:28.519    VM: Intel CPU supported
18:10:39.702    VM: supported disk I/O iaStor.sys
18:12:19.044    AVAST engine defs: 14080600
18:12:38.326    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:12:38.332    Disk 0 Vendor: TOSHIBA_ GT00 Size: 476940MB BusType: 3
18:12:38.467    VM: Disk 0 MBR read successfully
18:12:38.472    Disk 0 MBR scan
18:12:38.501    Disk 0 Windows 7 default MBR code
18:12:38.510    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:12:38.522    Disk 0 default boot code
18:12:38.538    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       203900 MB offset 206848
18:12:38.557    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       272938 MB offset 417794048
18:12:38.709    Disk 0 scanning C:\Windows\system32\drivers
18:12:49.213    Service scanning
18:13:22.131    Modules scanning
18:13:22.138    Disk 0 trace - called modules:
18:13:22.158    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
18:13:22.164    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dbe790]
18:13:22.168    3 CLASSPNP.SYS[fffff88001d5843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a1b050]
18:13:22.955    AVAST engine scan C:\Windows
18:13:24.581    AVAST engine scan C:\Windows\system32
18:16:16.799    AVAST engine scan C:\Windows\system32\drivers
18:16:29.214    AVAST engine scan C:\Users\Aslan
18:17:40.279    AVAST engine scan C:\ProgramData
18:18:19.191    Scan finished successfully
18:18:27.421    Disk 0 MBR has been saved successfully to "C:\Users\Aslan\Desktop\MBR.dat"
18:18:27.424    The log file has been saved successfully to "C:\Users\Aslan\Desktop\aswMBR.txt"

 

greetings

Attached Files

  • Attached File  MBR.zip   571bytes   1 downloads


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:46 PM

Posted 06 August 2014 - 12:09 PM

There are no obvious signs of any malware in the logs.

Does this happen in all your browsers or one in particular?

Let's see if there is any leftover adware.

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 filterfilter


Posted 06 August 2014 - 12:40 PM

ok done

Attached Files



#6 CatByte


Posted 06 August 2014 - 12:55 PM

how is the computer running now, are there any outstanding issues?

"sometimes my browser is closing or changing to other sites."

Does this happen in all your browsers or one in particular?



#7 filterfilter


Posted 06 August 2014 - 01:40 PM

computer is running good, for now there are no issues, i only use firefox it happened several times but it is running a lot better now, but before i started the scans i had a blue screen, after the restart i had no problems left.



#8 CatByte


Posted 06 August 2014 - 01:57 PM

ok,

You could try taking a look at all the add-ons that you have installed in Firefox and remove those that you aren't using, then check for updates to the ones you want to keep.

Save (export) your favourites, then reset Firefox back to default:
  • At the top of the Firefox window, click the "Firefox" button, go over to the "Help" sub-menu (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer.




#9 filterfilter


Posted 09 August 2014 - 06:48 AM

ok thank you very much for your help :)

sincerely,

filterfilter



#10 CatByte


Posted 09 August 2014 - 04:21 PM

We just have some housekeeping to do now,

Please do the following:

You can delete the FRST, DDS and aswMBR logs and programs from your desktop.


NEXT
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them. Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome, Firefox and IE
  • AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    • PC Safety and Security--What Do I Need?
    • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Edited by CatByte, 09 August 2014 - 04:21 PM.



#11 CatByte


Posted 24 August 2014 - 10:24 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
