Malware - Exclusive rewards


  • This topic is locked
34 replies to this topic

#1 Robikar


Posted 04 September 2014 - 07:26 PM

Have a problem with a malware directing to a site with exclusiverewards in its URL. Other than that there seems to be a randomly generated string before this as well as a somewhat weird part of the URL afterwards, such as: <random string>exclusiverewards.baseballnose.eu/<random string>

 

Most problems I've found regarding exclusive rewards have been about constant popups when opening a new tab in the browser and such. My problem is quite different as it pops up maybe once or twice a day. (Let's say 3ish hours of browsing, as I tab to browse once in a while when I game).

 

I saw in your guide that I'm not supposed to run ComboFix without you looking first, but unfortunately I saw this after I actually ran it. (Made sure all AVs and such were off as it prompted me to do). Hopefully this isn't too much of a problem.

 

Hopefully you can find a solution to the problem, as I've struggled with fixing it myself! :)

 

---------------------------------------------

dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.65.2
Run by Robin at 2:10:24 on 2014-09-05
Microsoft Windows 7 Professional   6.1.7601.1.1252.47.1033.18.16359.11037 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k gpsvcgroup
c:\windows\system32\svchost.exe -k localservice
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
c:\windows\system32\svchost.exe -k networkservice
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
c:\windows\system32\svchost.exe -k localservicenonetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\taskeng.exe
H:\Spill\Hi-Rez-Studios\HiPatchService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
H:\Program Files (x86)\OpenOffice\program\soffice.exe
H:\Program Files (x86)\OpenOffice\program\soffice.bin
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
H:\Logitech setpoint\SetPointG\SetPointII.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\SearchIndexer.exe
c:\windows\system32\svchost.exe -k bthsvcs
c:\windows\system32\svchost.exe -k localservicepeernet
C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe
H:\Spill\Battle.net\Battle.net.4944\Battle.net.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe
C:\Windows\System32\perfmon.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\ProgramData\Battle.net\Agent\Agent.3323\Agent.exe
C:\Windows\explorer.exe
H:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = www.google.com
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Easy-Hide-IP] C:\Program Files (x86)\Easy-Hide-IP\easy-hide-ip.exe
uRun: [AdobeBridge] <no file>
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Corsair laver] C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [Corsair Headset Software] "C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe" /minimized
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\Robin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Robin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - H:\Program Files (x86)\OpenOffice\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_65-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{9C8AFD3C-3FF7-4A19-AAD4-209D08CD4722} : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} -
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - LocalServer32 - <no file>
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [EvtMgr6] H:\Logitech setpoint\SetPointP\SetPoint.exe /launchGaming
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\olo48yqg.default-1409859280667\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: H:\Spill\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: H:\Spill\Ubisoft Game Launcher\npuplaypchub.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;H:\Spill\Hi-Rez-Studios\HiPatchService.exe [2012-9-1 9216]
R0 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2014-9-3 448400]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-9-3 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-9-3 224896]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-8-27 297000]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-9-3 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-9-3 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-9-3 427360]
R1 iSafeKrnl;iSafeKrnl Mini-Filter Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [2014-9-4 247488]
R1 iSafeKrnlKit;iSafeKrnl Kit Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [2014-9-4 78016]
R1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [2014-9-4 65216]
R1 iSafeNetFilter;iSafeNetFilter NDIS Driver;C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys [2014-9-4 49320]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-9-3 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-9-3 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-9-3 92008]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-9-3 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-9-3 106488]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-6-7 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-6-7 128512]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-8-31 127752]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-10-14 133800]
R2 iSafeService;iSafeService;C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [2014-9-4 118048]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-4 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-22 18956064]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-8-27 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-8-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-8-27 171928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-31 411936]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-12-13 560528]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-13 298656]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-13 28832]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-13 154272]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-13 280224]
R3 CorsairAudioFilter;Corsair Audio Filtering Service;C:\Windows\System32\drivers\corsveng2kamd64.sys [2014-2-3 109912]
R3 CORSGKB;Corsair Gaming Keyboard;C:\Windows\System32\drivers\CORSGKB.sys [2012-11-20 25600]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-26 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-5-26 40392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2013-8-30 112496]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-13 51872]
S3 cxbu0x64;OMNIKEY 3x21;C:\Windows\System32\drivers\cxbu0x64.sys [2011-9-6 177920]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-4-19 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 iSafeKrnlBoot;iSafeKrnl Boot Driver;C:\Windows\System32\drivers\iSafeKrnlBoot.sys [2014-9-4 45248]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 133928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-16 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-4-19 206080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 tap0901_openvpn_accl;TAP-Win32 Adapter V9 for OpenVPN Accelerator;C:\Windows\System32\drivers\tap0901_openvpn_accl.sys [2012-8-21 37912]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-16 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-14 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="H:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-09-04 23:55:43    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-09-04 23:37:43    --------    d-----w-    C:\FRST
2014-09-04 22:56:03    --------    d-----w-    C:\ProgramData\SecTaskMan
2014-09-04 18:45:47    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26142B34-EF7D-4D1E-8C5E-1F7150A63D66}\offreg.dll
2014-09-04 15:35:33    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26142B34-EF7D-4D1E-8C5E-1F7150A63D66}\mpengine.dll
2014-09-04 14:22:06    45248    ----a-w-    C:\Windows\System32\drivers\iSafeKrnlBoot.sys
2014-09-04 14:22:06    --------    d-----w-    C:\Windows\System32\log
2014-09-04 14:22:00    --------    d-----w-    C:\Program Files (x86)\Elex-tech
2014-09-04 14:21:59    --------    d-----w-    C:\Users\Robin\AppData\Roaming\iSafe
2014-09-04 14:20:41    --------    d-----w-    C:\Users\Robin\AppData\Roaming\eCyber
2014-09-04 13:59:55    --------    d-----w-    C:\Users\Robin\AppData\Roaming\Nico Mak Computing
2014-09-04 04:01:45    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-04 04:01:41    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-04 04:01:41    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-09-04 04:01:41    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-04 04:01:41    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-03 13:42:59    28184    ----a-w-    C:\Windows\System32\drivers\aswKbd.sys
2014-09-03 13:42:56    448400    ----a-w-    C:\Windows\System32\drivers\aswNdisFlt.sys
2014-09-03 13:41:11    --------    d-----w-    C:\Users\Robin\AppData\Roaming\AVAST Software
2014-09-03 13:40:51    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-09-03 13:40:51    92008    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-09-03 13:40:51    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-09-03 13:40:51    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-09-03 13:40:51    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-09-03 13:40:51    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-09-03 13:40:51    1041168    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-09-03 13:40:49    43152    ----a-w-    C:\Windows\avastSS.scr
2014-09-03 13:10:29    11319192    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-02 03:34:13    --------    d-----w-    C:\ProgramData\Auslogics
2014-09-02 03:23:00    --------    d-----w-    C:\Program Files (x86)\RegUtility
2014-09-02 01:15:16    --------    d-----w-    C:\Users\Robin\AppData\Roaming\raidcall
2014-09-01 22:24:43    --------    d-----w-    C:\Users\Robin\AppData\Local\Adobe
2014-09-01 22:01:35    98816    ----a-w-    C:\Windows\sed.exe
2014-09-01 22:01:35    256000    ----a-w-    C:\Windows\PEV.exe
2014-09-01 22:01:35    208896    ----a-w-    C:\Windows\MBR.exe
2014-09-01 20:12:31    --------    d-----w-    C:\Program Files\Enigma Software Group
2014-09-01 20:12:11    --------    d-----w-    C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-08-31 17:17:13    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2014-08-30 21:09:55    48656    ----a-w-    C:\Windows\System32\drivers\asd2fsm.sys
2014-08-30 21:09:54    --------    d-----w-    C:\ProgramData\Anvisoft
2014-08-30 21:09:52    --------    d-----w-    C:\Program Files (x86)\Anvisoft
2014-08-30 01:47:17    1169712    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B467C96-EAD5-4C10-A16C-6B70CACBF6C5}\gapaengine.dll
2014-08-30 01:41:52    --------    d-----w-    C:\Program Files\HitmanPro
2014-08-30 00:52:03    --------    d-----w-    C:\Users\Robin\AppData\Roaming\LavasoftStatistics
2014-08-28 14:23:29    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-08-28 14:12:01    --------    d-----w-    C:\AdwCleaner
2014-08-27 18:48:56    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-08-27 18:48:51    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-27 18:04:31    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-27 18:04:31    3163648    ----a-w-    C:\Windows\System32\win32k.sys
2014-08-27 18:04:31    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-20 06:52:36    47632    ----a-w-    C:\Windows\System32\drivers\asdids.sys
2014-08-14 04:51:38    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-08-14 04:51:38    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-08-14 04:51:38    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-08-14 04:51:38    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-08-14 04:51:37    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-08-14 04:51:37    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-08-14 04:51:31    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 04:51:31    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-08-09 18:40:48    70144    ----a-w-    C:\Windows\SysWow64\tasks.dll
2014-08-08 19:02:07    --------    d-----w-    C:\ProgramData\HitmanPro
2014-08-08 18:32:52    31232    ----a-w-    C:\Windows\System32\drivers\tap0901t.sys
2014-08-08 18:32:52    --------    d-----w-    C:\Users\Robin\AppData\Roaming\Tunngle
.
==================== Find3M  ====================
.
2014-09-03 13:53:27    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-03 13:53:27    699568    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-30 02:52:56    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2014-08-07 02:06:41    529920    ----a-w-    C:\Windows\System32\aepdu.dll
2014-08-07 02:01:34    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-07-25 14:02:12    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:50:29    1291280    ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
2014-07-25 13:50:29    1126480    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2014-07-25 13:50:11    1715224    ----a-w-    C:\Windows\System32\nvspbridge64.dll
2014-07-25 13:50:11    1283136    ----a-w-    C:\Windows\System32\nvspcap64.dll
2014-07-25 13:30:30    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15    5824512    ----a-w-    C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47    4204032    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29    2087936    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49    2001920    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06    2266624    ----a-w-    C:\Windows\System32\wininet.dll
2014-07-25 10:05:23    1792512    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-07-16 03:23:41    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-07-16 02:46:02    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-07-11 01:03:05    880040    ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
2014-07-11 01:02:55    802728    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2014-07-11 01:02:05    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-09 02:03:23    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-07-02 18:55:43    6783776    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-07-02 18:55:43    3522392    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-07-02 18:55:41    935368    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-07-02 18:55:41    62808    ----a-w-    C:\Windows\System32\nvshext.dll
2014-07-02 18:55:41    386520    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-07-02 17:44:45    609240    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-07-02 10:14:12    3826628    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH:  2:10:30,03 ===============

 

---------------------------------------------

ComboFix.txt:

 

ComboFix 14-09-05.01 - Robin 05.09.2014   1:52.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.47.1033.18.16359.11394 [GMT 2:00]
Kjører fra: c:\users\Robin\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Forrige skanning -------
.
c:\windows\wininit.ini
H:\install.exe
.
.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2014-08-04 til 2014-09-04  )))))))))))))))))))))))))))))))))
.
.
2014-09-04 23:55 . 2014-09-04 23:55    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-04 23:37 . 2014-09-04 23:39    --------    d-----w-    C:\FRST
2014-09-04 22:56 . 2014-09-04 22:57    --------    d-----w-    c:\programdata\SecTaskMan
2014-09-04 18:45 . 2014-09-04 18:45    75888    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26142B34-EF7D-4D1E-8C5E-1F7150A63D66}\offreg.dll
2014-09-04 15:35 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26142B34-EF7D-4D1E-8C5E-1F7150A63D66}\mpengine.dll
2014-09-04 14:22 . 2014-09-04 14:22    --------    d-----w-    c:\windows\system32\log
2014-09-04 14:22 . 2014-08-08 06:24    45248    ----a-w-    c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-09-04 14:22 . 2014-09-04 14:22    --------    d-----w-    c:\program files (x86)\Elex-tech
2014-09-04 14:21 . 2014-09-04 23:41    --------    d-----w-    c:\users\Robin\AppData\Roaming\iSafe
2014-09-04 14:20 . 2014-09-04 14:22    --------    d-----w-    c:\users\Robin\AppData\Roaming\eCyber
2014-09-04 13:59 . 2014-09-04 23:41    --------    d-----w-    c:\users\Robin\AppData\Roaming\Nico Mak Computing
2014-09-04 04:01 . 2014-09-04 23:11    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-04 04:01 . 2014-09-04 04:01    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-04 04:01 . 2014-05-12 05:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-04 04:01 . 2014-05-12 05:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-04 04:01 . 2014-05-12 05:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-03 15:38 . 2014-09-03 15:38    --------    d-----w-    c:\program files\Mozilla Firefox
2014-09-03 13:42 . 2014-09-03 13:42    28184    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-09-03 13:42 . 2014-09-03 13:42    448400    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
2014-09-03 13:41 . 2014-09-03 13:41    --------    d-----w-    c:\users\Robin\AppData\Roaming\AVAST Software
2014-09-03 13:40 . 2014-09-03 13:40    427360    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-09-03 13:40 . 2014-09-03 13:40    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-09-03 13:40 . 2014-09-03 13:40    92008    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-09-03 13:40 . 2014-09-03 13:40    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-09-03 13:40 . 2014-09-03 13:40    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-09-03 13:40 . 2014-09-03 13:40    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-09-03 13:40 . 2014-09-03 13:40    224896    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-09-03 13:40 . 2014-09-03 13:40    1041168    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-09-03 13:40 . 2014-09-03 13:40    43152    ----a-w-    c:\windows\avastSS.scr
2014-09-03 13:10 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-02 03:34 . 2014-09-02 03:34    --------    d-----w-    c:\programdata\Auslogics
2014-09-02 03:23 . 2014-09-02 03:35    --------    d-----w-    c:\program files (x86)\RegUtility
2014-09-02 01:15 . 2014-09-02 01:15    --------    d-----w-    c:\users\Robin\AppData\Roaming\raidcall
2014-09-01 22:24 . 2014-09-04 00:00    --------    d-----w-    c:\users\Robin\AppData\Local\Adobe
2014-09-01 20:12 . 2014-09-01 20:12    --------    d-----w-    c:\program files\Enigma Software Group
2014-09-01 20:12 . 2014-09-01 21:07    --------    d-----w-    c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-08-31 17:17 . 2014-08-31 17:21    --------    d-----w-    c:\program files (x86)\VS Revo Group
2014-08-30 21:09 . 2014-08-20 06:52    48656    ----a-w-    c:\windows\system32\drivers\asd2fsm.sys
2014-08-30 21:09 . 2014-08-30 21:09    --------    d-----w-    c:\programdata\Anvisoft
2014-08-30 21:09 . 2014-08-30 22:04    --------    d-----w-    c:\program files (x86)\Anvisoft
2014-08-30 01:47 . 2014-08-20 11:07    1169712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B467C96-EAD5-4C10-A16C-6B70CACBF6C5}\gapaengine.dll
2014-08-30 01:41 . 2014-08-31 03:27    --------    d-----w-    c:\program files\HitmanPro
2014-08-30 00:52 . 2014-08-30 00:52    --------    d-----w-    c:\users\Robin\AppData\Roaming\LavasoftStatistics
2014-08-28 14:23 . 2010-08-30 06:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-28 14:12 . 2014-09-01 21:22    --------    d-----w-    C:\AdwCleaner
2014-08-27 18:48 . 2013-09-20 08:49    21040    ----a-w-    c:\windows\system32\sdnclean64.exe
2014-08-27 18:48 . 2014-08-27 18:49    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy 2
2014-08-27 18:04 . 2014-08-23 02:07    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-27 18:04 . 2014-08-23 01:45    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-27 18:04 . 2014-08-23 00:59    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-08-20 06:52 . 2014-08-20 06:52    47632    ----a-w-    c:\windows\system32\drivers\asdids.sys
2014-08-14 04:51 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-14 04:51 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-14 04:51 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-14 04:51 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-14 04:51 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-14 04:51 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-14 04:51 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 04:51 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-09 18:40 . 2014-08-27 18:40    70144    ----a-w-    c:\windows\SysWow64\tasks.dll
2014-08-08 19:02 . 2014-08-29 01:53    --------    d-----w-    c:\programdata\HitmanPro
2014-08-08 18:32 . 2014-08-08 18:48    --------    d-----w-    c:\users\Robin\AppData\Roaming\Tunngle
2014-08-08 18:32 . 2009-09-16 05:02    31232    ----a-w-    c:\windows\system32\drivers\tap0901t.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-03 13:53 . 2012-03-30 08:04    699568    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-03 13:53 . 2011-10-14 19:30    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-03 13:40 . 2011-10-14 19:28    307344    ----a-w-    c:\windows\system32\aswBoot.exe
2014-08-30 02:52 . 2012-05-22 14:14    18960    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2014-08-20 11:07 . 2012-02-11 14:44    1169712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-14 04:53 . 2011-10-16 10:26    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-07-25 13:50 . 2014-06-02 16:01    1291280    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2013-10-29 00:35    1126480    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-02 16:01    1715224    ----a-w-    c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2013-10-29 00:35    1283136    ----a-w-    c:\windows\system32\nvspcap64.dll
2014-07-11 01:03 . 2014-07-19 11:14    880040    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2014-07-11 01:02 . 2014-07-19 11:14    802728    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2014-07-11 01:02 . 2013-11-10 13:58    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-02 20:48 . 2014-07-31 03:25    944928    ----a-w-    c:\windows\system32\NvIFR64.dll
2014-07-02 20:48 . 2014-07-31 03:25    907096    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2014-07-02 20:48 . 2014-07-31 03:25    846832    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2014-07-02 20:48 . 2014-07-31 03:25    354016    ----a-w-    c:\windows\system32\nvoglshim64.dll
2014-07-02 20:48 . 2014-07-31 03:25    31512520    ----a-w-    c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2014-07-31 03:25    305600    ----a-w-    c:\windows\SysWow64\nvoglshim32.dll
2014-07-02 20:48 . 2014-07-31 03:25    24196896    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2014-07-02 20:48 . 2014-07-31 03:25    166568    ----a-w-    c:\windows\system32\nvinitx.dll
2014-07-02 20:48 . 2014-07-31 03:25    146480    ----a-w-    c:\windows\SysWow64\nvinit.dll
2014-07-02 20:48 . 2014-07-31 03:25    13922752    ----a-w-    c:\windows\system32\nvopencl.dll
2014-07-02 20:48 . 2014-07-31 03:25    12866008    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2014-07-02 20:48 . 2014-07-31 03:25    11283344    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2014-07-02 20:48 . 2014-07-31 03:25    903624    ----a-w-    c:\windows\system32\NvFBC64.dll
2014-07-02 20:48 . 2014-07-31 03:25    869152    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2014-07-02 20:48 . 2014-07-31 03:25    4247000    ----a-w-    c:\windows\system32\nvcuvid.dll
2014-07-02 20:48 . 2014-07-31 03:25    3989960    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2014-07-02 20:48 . 2014-07-31 03:25    22994208    ----a-w-    c:\windows\system32\nvcompiler.dll
2014-07-02 20:48 . 2014-07-31 03:25    1890080    ----a-w-    c:\windows\system32\nvdispco6434052.dll
2014-07-02 20:48 . 2014-07-31 03:25    1539928    ----a-w-    c:\windows\system32\nvdispgenco6434052.dll
2014-07-02 20:48 . 2014-07-31 03:25    15294296    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2014-07-02 20:48 . 2014-07-31 03:25    13835208    ----a-w-    c:\windows\system32\nvcuda.dll
2014-07-02 20:48 . 2014-07-31 03:25    11222048    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2014-07-02 20:48 . 2013-11-19 18:25    16122344    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2012-09-15 03:38    2814656    ----a-w-    c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2012-02-23 17:02    965312    ----a-w-    c:\windows\system32\nvumdshimx.dll
2014-07-02 20:48 . 2011-05-21 04:01    3196816    ----a-w-    c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2011-05-21 04:01    18626304    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2011-05-21 04:01    17555104    ----a-w-    c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2011-05-21 04:01    14498552    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2014-07-02 18:55 . 2011-10-14 18:30    6783776    ----a-w-    c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2011-10-14 18:30    3522392    ----a-w-    c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2011-10-14 18:30    935368    ----a-w-    c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2011-10-14 18:30    62808    ----a-w-    c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2011-10-14 18:30    386520    ----a-w-    c:\windows\system32\nvmctray.dll
2014-07-02 17:44 . 2014-07-31 03:26    609240    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2014-07-02 10:14 . 2012-02-23 17:03    3826628    ----a-w-    c:\windows\system32\nvcoproc.bin
2014-06-18 02:18 . 2014-07-09 22:02    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 22:02    646144    ----a-w-    c:\windows\SysWow64\osk.exe
.
.
((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easy-Hide-IP"="c:\program files (x86)\Easy-Hide-IP\easy-hide-ip.exe" [BU]
"AdobeBridge"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Corsair laver"="c:\program files (x86)\Corsair\K90 Keyboard\K90Hid.exe" [2012-05-22 1780736]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-12-12 707472]
"Corsair Headset Software"="c:\program files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe" [2014-02-12 3167544]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-03 4085896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-16 0]
Dropbox.lnk - c:\users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-30 36414496]
OpenOffice.org 3.3.lnk - h:\program files (x86)\OpenOffice\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 CorsairCAHS1;CA-HS1 Interface;c:\windows\system32\drivers\CAHS164.sys;c:\windows\SYSNATIVE\drivers\CAHS164.sys [x]
R3 cxbu0x64;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0x64.sys;c:\windows\SYSNATIVE\DRIVERS\cxbu0x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 tap0901_openvpn_accl;TAP-Win32 Adapter V9 for OpenVPN Accelerator;c:\windows\system32\DRIVERS\tap0901_openvpn_accl.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901_openvpn_accl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 iSafeKrnl;iSafeKrnl Mini-Filter Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys [x]
S1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [x]
S1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [x]
S1 iSafeNetFilter;iSafeNetFilter NDIS Driver;c:\program files (x86)\Elex-tech\YAC\iSafeNetFilter.sys;c:\program files (x86)\Elex-tech\YAC\iSafeNetFilter.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 iSafeService;iSafeService;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 CorsairAudioFilter;Corsair Audio Filtering Service;c:\windows\system32\DRIVERS\corsveng2kamd64.sys;c:\windows\SYSNATIVE\DRIVERS\corsveng2kamd64.sys [x]
S3 CORSGKB;Corsair Gaming Keyboard;c:\windows\system32\drivers\CORSGKB.sys;c:\windows\SYSNATIVE\drivers\CORSGKB.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-04 17:04    1096520    ----a-w-    c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2014-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:53]
.
2014-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10 17:25]
.
2014-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10 17:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Robin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-03 13:40    634872    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"EvtMgr6"="h:\logitech setpoint\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Page_URL = about:blank
mDefault_Search_URL = www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\olo48yqg.default-1409859280667\
.
- - - - TOMME PEKERE FJERNET - - - -
.
Wow6432Node-HKU-Default-Run-Stronghold AntiMalware - c:\program files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_USERS\S-1-5-21-2789722624-2755277622-3666452313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**‰file:///H:/Musikk/Ozzy%20Osbourne-15%20CD%20Discography/Ozzy%20Osbourne%20-%20Black%20Rain/09%20-%20Countdown%27s%20Begun.flac*-aNü ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2789722624-2755277622-3666452313-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**‰file:///H:/Musikk/Ozzy%20Osbourne-15%20CD%20Discography/Ozzy%20Osbourne%20-%20Black%20Rain/09%20-%20Countdown%27s%20Begun.flac*-aNü \OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tidspunkt ferdig: 2014-09-05  01:56:04
ComboFix-quarantined-files.txt  2014-09-04 23:56
.
Pre-Run: 60 881 530 880 bytes free
Post-Run: 60 715 511 808 bytes free
.
- - End Of File - - A0911E552BA383C0D26A1623B76FB8B9
A36C5E4F47E84449FF07ED3517B43A31
 


#2 fireman4it

  • Malware Response Team
Posted 04 September 2014 - 07:44 PM

Hello Robikar,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

 

3.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Things to include in your next reply:

AdwCleaner log

JRT.txt

FRST.txt

Addition.txt

How is your machine running now?


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Robikar

  • Topic Starter


Posted 04 September 2014 - 08:07 PM

AdwCleaner log:

 

# AdwCleaner v3.309 - Report created 05/09/2014 at 02:48:30
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Robin - ROBIN-PC
# Running from : C:\Users\Robin\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SecTaskMan
Folder Deleted : C:\Users\Public\Documents\Stronghold AntiMalware
Folder Deleted : C:\Users\Robin\AppData\Roaming\eCyber
Folder Deleted : C:\Users\Robin\AppData\Roaming\iSafe
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\iSafe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v32.0 (x86 en-US)

[ File : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\olo48yqg.default-1409859280667\prefs.js ]


-\\ Google Chrome v37.0.2062.103

[ File : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3634 octets] - [28/08/2014 16:23:16]
AdwCleaner[R1].txt - [1080 octets] - [28/08/2014 16:29:42]
AdwCleaner[R2].txt - [1140 octets] - [29/08/2014 15:44:24]
AdwCleaner[R3].txt - [1318 octets] - [30/08/2014 03:34:33]
AdwCleaner[R4].txt - [1381 octets] - [30/08/2014 23:01:17]
AdwCleaner[R5].txt - [1623 octets] - [01/09/2014 22:51:51]
AdwCleaner[R6].txt - [1683 octets] - [01/09/2014 22:53:43]
AdwCleaner[R7].txt - [1621 octets] - [01/09/2014 23:20:22]
AdwCleaner[R8].txt - [1741 octets] - [01/09/2014 23:22:10]
AdwCleaner[R9].txt - [2413 octets] - [05/09/2014 02:47:05]
AdwCleaner[S0].txt - [3477 octets] - [28/08/2014 16:27:19]
AdwCleaner[S1].txt - [1202 octets] - [29/08/2014 15:45:34]
AdwCleaner[S2].txt - [1381 octets] - [30/08/2014 03:35:25]
AdwCleaner[S3].txt - [1442 octets] - [30/08/2014 23:03:11]
AdwCleaner[S4].txt - [1682 octets] - [01/09/2014 23:21:02]
AdwCleaner[S5].txt - [2171 octets] - [05/09/2014 02:48:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2231 octets] ##########
 

----------------------------------------------

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Robin on 05.09.2014 at  2:54:47,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] isafekrnl
Failed to stop: [Service] isafeservice



~~~ Registry Values



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Robin\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Robin\AppData\Roaming\isafe"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.09.2014 at  2:58:33,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

----------------------------------------------

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Robin (administrator) on ROBIN-PC on 05-09-2014 03:01:54
Running from C:\Users\Robin\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hi-Rez Studios) H:\Spill\Hi-Rez-Studios\HiPatchService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Dropbox, Inc.) C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
(OpenOffice.org) H:\Program Files (x86)\OpenOffice\program\soffice.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe
(Don HO don.h@free.fr) H:\Program Files (x86)\Notepad++\notepad++.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(OpenOffice.org) H:\Program Files (x86)\OpenOffice\program\soffice.bin
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Logitech, Inc.) H:\Logitech setpoint\SetPointG\SetPointII.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Curse) C:\Users\Robin\AppData\Local\Apps\2.0\CR2J79ZZ.0AW\VC1WM6Z1.62R\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Elex-tech\YAC\ipcdl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => H:\Logitech setpoint\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corsair laver] => C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe [1780736 2012-05-22] (Corsair Components  Inc)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-03] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2789722624-2755277622-3666452313-1000\...\Run: [Easy-Hide-IP] => C:\Program Files (x86)\Easy-Hide-IP\easy-hide-ip.exe
HKU\S-1-5-21-2789722624-2755277622-3666452313-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2789722624-2755277622-3666452313-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> H:\Program Files (x86)\OpenOffice\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x27B41F4CE150CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
DPF: HKLM-x32 {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\olo48yqg.default-1409859280667
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.3.1 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.3.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Robin\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
FF Plugin HKCU: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc -> H:\Spill\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: WOT - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\olo48yqg.default-1409859280667\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-05]
FF Extension: Firebug - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\firebug@software.joehewitt.com.xpi [2014-08-08]
FF Extension: Twitch TV Emoticon Panel - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\twitchtvemotes@killerud.com.xpi [2014-08-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-03]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-10]
CHR Extension: (Google Drive) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-10]
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-10]
CHR Extension: (Google Search) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-10]
CHR Extension: (avast! Online Security) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-03]
CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-03]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2014-09-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-09-03] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
U2 HiPatchService; H:\Spill\Hi-Rez-Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-08-31] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-08-08] (Elex do Brasil Participações Ltda)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8919 2012-04-26] () [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-30] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-03] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-09-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-03] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-03] ()
R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-03] (Corsair Components, Inc.)
R3 CORSGKB; C:\Windows\System32\drivers\CORSGKB.sys [25600 2012-03-27] ( )
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [247488 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [78016 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65216 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys [49320 2014-08-06] (Elex do Brasil Participações Ltda)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2012-08-21] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 CorsairCAHS1; system32\drivers\CAHS164.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 03:01 - 2014-09-05 03:01 - 00000000 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-09-05 03:00 - 2014-09-05 03:00 - 00062011 _____ () C:\Users\Robin\Downloads\FRST.txt
2014-09-05 02:59 - 2014-09-05 02:59 - 02104832 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2014-09-05 02:58 - 2014-09-05 02:58 - 00000927 _____ () C:\Users\Robin\Desktop\JRT.txt
2014-09-05 02:54 - 2014-09-05 02:54 - 00000000 ____D () C:\Windows\ERUNT
2014-09-05 02:52 - 2014-09-05 02:53 - 01016261 _____ (Thisisu) C:\Users\Robin\Downloads\JRT.exe
2014-09-05 02:49 - 2014-09-05 02:49 - 00000000 ___RD () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-05 02:46 - 2014-09-05 02:46 - 01370467 _____ () C:\Users\Robin\Downloads\AdwCleaner.exe
2014-09-05 02:09 - 2014-09-05 02:09 - 00688992 ____R (Swearware) C:\Users\Robin\Downloads\dds.com
2014-09-05 01:56 - 2014-09-05 01:56 - 00038138 _____ () C:\ComboFix.txt
2014-09-05 01:37 - 2014-09-05 03:01 - 00000000 ____D () C:\FRST
2014-09-05 00:55 - 2014-09-01 22:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012 - Copy.exe
2014-09-04 17:23 - 2014-09-05 02:49 - 00001780 _____ () C:\Windows\PFRO.log
2014-09-04 17:00 - 2014-09-05 02:49 - 00000448 _____ () C:\Windows\setupact.log
2014-09-04 17:00 - 2014-09-04 17:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-04 16:22 - 2014-09-05 02:48 - 00000000 ____D () C:\Windows\system32\log
2014-09-04 16:22 - 2014-09-04 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-09-04 16:22 - 2014-09-04 16:22 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-09-04 16:20 - 2014-09-04 16:20 - 00865688 _____ (Elex do Brasil Participações Ltda) C:\Users\Robin\Downloads\yet_another_cleaner_bbs.exe
2014-09-04 15:59 - 2014-09-05 01:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Nico Mak Computing
2014-09-04 06:01 - 2014-09-05 01:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 06:01 - 2014-09-04 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-04 06:01 - 2014-09-04 06:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 06:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 06:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-04 06:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:38 - 2014-09-03 17:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-03 15:43 - 2014-09-03 15:43 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-09-03 15:42 - 2014-09-03 15:42 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-09-03 15:42 - 2014-09-03 15:42 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-09-03 15:41 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-03 15:41 - 2014-09-03 15:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\AVAST Software
2014-09-03 15:40 - 2014-09-04 17:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-03 15:40 - 2014-09-03 15:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-03 15:40 - 2014-09-03 15:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 05:34 - 2014-09-02 05:34 - 00000000 ____D () C:\ProgramData\Auslogics
2014-09-02 05:23 - 2014-09-02 05:35 - 00000000 ____D () C:\Program Files (x86)\RegUtility
2014-09-02 03:15 - 2014-09-02 03:15 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\raidcall
2014-09-02 00:24 - 2014-09-05 02:00 - 00000000 ____D () C:\Users\Robin\AppData\Local\Adobe
2014-09-02 00:24 - 2014-09-04 15:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-02 00:01 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-02 00:01 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-02 00:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-02 00:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-02 00:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-02 00:01 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-02 00:01 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-02 00:01 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-01 23:58 - 2014-09-05 01:56 - 00000000 ____D () C:\Qoobox
2014-09-01 23:58 - 2014-09-02 00:07 - 00000000 ____D () C:\Windows\erdnt
2014-09-01 23:55 - 2014-09-05 01:45 - 05576440 ____R (Swearware) C:\Users\Robin\Downloads\ComboFix.exe
2014-09-01 23:35 - 2014-09-05 02:52 - 00265420 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 23:31 - 2014-09-01 23:31 - 00004892 _____ () C:\Windows\system32\.crusader
2014-09-01 23:09 - 2014-09-01 23:09 - 00006200 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-09-01 22:52 - 2014-09-01 22:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 22:12 - 2014-09-01 23:07 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 _____ () C:\autoexec.bat
2014-08-31 19:17 - 2014-08-31 19:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-31 05:27 - 2014-08-31 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-30 23:10 - 2014-08-31 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-08-30 23:09 - 2014-08-31 00:04 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-08-30 23:09 - 2014-08-30 23:09 - 00000000 ____D () C:\ProgramData\Anvisoft
2014-08-30 23:09 - 2014-08-20 08:52 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys
2014-08-30 03:41 - 2014-08-31 05:27 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-30 02:52 - 2014-08-30 02:52 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\LavasoftStatistics
2014-08-29 03:52 - 2014-08-29 03:52 - 00000679 _____ () C:\Users\Robin\Robin - Shortcut.lnk
2014-08-28 16:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-28 16:12 - 2014-09-05 02:48 - 00000000 ____D () C:\AdwCleaner
2014-08-27 20:49 - 2014-08-27 20:49 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-27 20:49 - 2014-08-27 20:49 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-27 20:49 - 2014-08-27 20:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-27 20:49 - 2014-08-27 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-27 20:48 - 2014-08-27 20:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-27 20:48 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-27 20:04 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:04 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:04 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 08:52 - 2014-08-20 08:52 - 00047632 _____ (Anvisoft) C:\Windows\system32\Drivers\asdids.sys
2014-08-20 02:18 - 2014-08-20 02:18 - 00001534 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-08-17 19:35 - 2014-08-17 19:35 - 00000000 ____D () C:\Users\Robin\Documents\Fax
2014-08-14 06:51 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 06:51 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 06:51 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 06:51 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 06:51 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 06:51 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 06:51 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 06:51 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 03:33 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 03:33 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 03:33 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 03:33 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 03:33 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 03:33 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 03:33 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 03:33 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 03:33 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 03:33 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 03:33 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 03:33 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 03:33 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 03:33 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 03:33 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 03:33 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 03:33 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 03:33 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 03:33 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 03:33 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 03:33 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 03:33 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 03:33 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 03:33 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 03:33 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 03:33 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 03:33 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 03:33 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 03:33 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 03:33 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 03:33 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 03:33 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 03:33 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 03:33 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 03:33 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 03:33 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 03:33 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 03:33 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 03:33 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 03:33 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 03:33 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 03:33 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 03:33 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 03:33 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 03:33 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 03:33 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 03:33 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 03:33 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 03:33 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 03:33 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 03:33 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 03:33 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 03:33 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 03:33 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 03:33 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 03:33 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 03:33 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 03:33 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 03:33 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 03:33 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 03:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 03:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 03:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 03:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 03:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 03:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 03:33 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 03:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 03:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 03:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 03:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 03:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 03:33 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 03:33 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 03:33 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 03:33 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 03:33 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 03:33 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 03:33 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 03:33 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 03:33 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 03:33 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 03:33 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 03:33 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-09 20:40 - 2014-08-27 20:40 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-08-08 21:02 - 2014-08-29 03:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-08 20:40 - 2014-08-08 20:40 - 00003256 _____ () C:\Windows\System32\Tasks\GPUP
2014-08-08 20:34 - 2014-08-08 20:34 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-08-08 20:32 - 2014-08-08 20:48 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Tunngle
2014-08-08 20:32 - 2014-08-08 20:32 - 00000000 ____D () C:\Users\Robin\Documents\Tunngle
2014-08-08 20:32 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 03:01 - 2014-09-05 03:01 - 00000000 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-09-05 03:01 - 2014-09-05 01:37 - 00000000 ____D () C:\FRST
2014-09-05 03:00 - 2014-09-05 03:00 - 00062011 _____ () C:\Users\Robin\Downloads\FRST.txt
2014-09-05 02:59 - 2014-09-05 02:59 - 02104832 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe
2014-09-05 02:58 - 2014-09-05 02:58 - 00000927 _____ () C:\Users\Robin\Desktop\JRT.txt
2014-09-05 02:56 - 2009-07-14 07:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-05 02:56 - 2009-07-14 06:45 - 00032032 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 02:56 - 2009-07-14 06:45 - 00032032 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 02:54 - 2014-09-05 02:54 - 00000000 ____D () C:\Windows\ERUNT
2014-09-05 02:53 - 2014-09-05 02:52 - 01016261 _____ (Thisisu) C:\Users\Robin\Downloads\JRT.exe
2014-09-05 02:52 - 2014-09-01 23:35 - 00265420 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 02:52 - 2011-10-14 20:52 - 00000000 ____D () C:\Users\Robin\Desktop\Spill
2014-09-05 02:51 - 2011-10-16 19:59 - 00000000 ____D () C:\Users\Robin\AppData\Local\Deployment
2014-09-05 02:49 - 2014-09-05 02:49 - 00000000 ___RD () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-05 02:49 - 2014-09-04 17:23 - 00001780 _____ () C:\Windows\PFRO.log
2014-09-05 02:49 - 2014-09-04 17:00 - 00000448 _____ () C:\Windows\setupact.log
2014-09-05 02:49 - 2013-10-11 02:23 - 00000000 _____ () C:\Windows\system32\Ikeext.etl
2014-09-05 02:49 - 2013-10-10 19:25 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 02:49 - 2012-03-31 11:47 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Dropbox
2014-09-05 02:49 - 2011-10-14 20:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-05 02:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 02:48 - 2014-09-04 16:22 - 00000000 ____D () C:\Windows\system32\log
2014-09-05 02:48 - 2014-08-28 16:12 - 00000000 ____D () C:\AdwCleaner
2014-09-05 02:48 - 2013-12-04 17:28 - 00000000 ____D () C:\Users\Robin\AppData\Local\Battle.net
2014-09-05 02:46 - 2014-09-05 02:46 - 01370467 _____ () C:\Users\Robin\Downloads\AdwCleaner.exe
2014-09-05 02:41 - 2011-10-14 21:37 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\vlc
2014-09-05 02:40 - 2011-10-16 19:59 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apps\2.0
2014-09-05 02:29 - 2012-01-02 23:52 - 00007619 _____ () C:\Users\Robin\AppData\Local\Resmon.ResmonCfg
2014-09-05 02:09 - 2014-09-05 02:09 - 00688992 ____R (Swearware) C:\Users\Robin\Downloads\dds.com
2014-09-05 02:04 - 2013-10-10 19:25 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 02:04 - 2012-03-30 10:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-05 02:00 - 2014-09-02 00:24 - 00000000 ____D () C:\Users\Robin\AppData\Local\Adobe
2014-09-05 01:56 - 2014-09-05 01:56 - 00038138 _____ () C:\ComboFix.txt
2014-09-05 01:56 - 2014-09-01 23:58 - 00000000 ____D () C:\Qoobox
2014-09-05 01:56 - 2009-07-14 05:20 - 00000000 ___RD () C:\Users\Default
2014-09-05 01:55 - 2011-10-22 18:50 - 00000000 ____D () C:\Users\Robin\AppData\Local\CrashDumps
2014-09-05 01:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-05 01:45 - 2014-09-01 23:55 - 05576440 ____R (Swearware) C:\Users\Robin\Downloads\ComboFix.exe
2014-09-05 01:41 - 2014-09-04 15:59 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Nico Mak Computing
2014-09-05 01:35 - 2012-08-19 04:13 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E3F159EA-DA14-4307-BCFE-2A23EAD85226}
2014-09-05 01:11 - 2014-09-04 06:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-05 00:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-09-04 17:23 - 2014-09-03 15:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-04 17:21 - 2011-10-14 22:52 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Skype
2014-09-04 17:00 - 2014-09-04 17:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-04 16:22 - 2014-09-04 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-09-04 16:22 - 2014-09-04 16:22 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-09-04 16:20 - 2014-09-04 16:20 - 00865688 _____ (Elex do Brasil Participações Ltda) C:\Users\Robin\Downloads\yet_another_cleaner_bbs.exe
2014-09-04 15:27 - 2014-09-02 00:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-04 06:01 - 2014-09-04 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-04 06:01 - 2014-09-04 06:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 05:52 - 2012-04-25 10:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 17:38 - 2014-09-03 17:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-03 15:53 - 2012-03-30 10:04 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-03 15:53 - 2012-03-30 10:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-03 15:53 - 2011-10-14 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-03 15:50 - 2011-10-14 20:48 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-03 15:50 - 2011-10-14 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-03 15:50 - 2011-10-14 20:48 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-03 15:43 - 2014-09-03 15:43 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-09-03 15:43 - 2014-09-03 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-03 15:42 - 2014-09-03 15:42 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-09-03 15:42 - 2014-09-03 15:42 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-09-03 15:41 - 2014-09-03 15:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\AVAST Software
2014-09-03 15:40 - 2014-09-03 15:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-03 15:40 - 2014-09-03 15:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-03 15:40 - 2011-10-14 21:28 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-03 15:40 - 2011-10-14 21:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-03 00:31 - 2012-09-18 01:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-03 00:27 - 2013-09-08 15:32 - 00000000 ____D () C:\Users\Robin\Desktop\Guild News
2014-09-02 05:35 - 2014-09-02 05:23 - 00000000 ____D () C:\Program Files (x86)\RegUtility
2014-09-02 05:34 - 2014-09-02 05:34 - 00000000 ____D () C:\ProgramData\Auslogics
2014-09-02 03:15 - 2014-09-02 03:15 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\raidcall
2014-09-02 03:15 - 2013-06-29 03:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-09-02 00:24 - 2011-10-21 17:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-02 00:24 - 2011-10-21 17:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-02 00:07 - 2014-09-01 23:58 - 00000000 ____D () C:\Windows\erdnt
2014-09-01 23:34 - 2011-12-12 18:08 - 00000000 ____D () C:\Users\UpdatusUser.Robin-PC
2014-09-01 23:34 - 2011-10-29 00:36 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 23:33 - 2011-10-14 20:11 - 00000000 ____D () C:\Users\Robin
2014-09-01 23:31 - 2014-09-01 23:31 - 00004892 _____ () C:\Windows\system32\.crusader
2014-09-01 23:09 - 2014-09-01 23:09 - 00006200 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-09-01 23:07 - 2014-09-01 22:12 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-01 22:52 - 2014-09-05 00:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012 - Copy.exe
2014-09-01 22:52 - 2014-09-01 22:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 22:17 - 2013-10-10 19:25 - 00000000 ____D () C:\Users\Robin\AppData\Local\Google
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 _____ () C:\autoexec.bat
2014-09-01 22:07 - 2011-10-14 21:17 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Mozilla
2014-08-31 19:33 - 2012-03-28 22:41 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-08-31 19:21 - 2014-08-31 19:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-31 18:22 - 2014-04-19 22:14 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-08-31 05:27 - 2014-08-31 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-31 05:27 - 2014-08-30 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-08-31 05:27 - 2014-08-30 03:41 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-31 00:04 - 2014-08-30 23:09 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-08-31 00:02 - 2013-12-17 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
2014-08-31 00:02 - 2013-11-10 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-08-31 00:02 - 2013-05-25 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
2014-08-31 00:02 - 2013-02-23 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
2014-08-31 00:02 - 2012-09-17 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-08-31 00:02 - 2012-08-12 19:16 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-08-31 00:02 - 2012-04-20 23:33 - 00000000 ____D () C:\Users\Robin\Desktop\Skole
2014-08-31 00:02 - 2012-03-31 11:47 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-31 00:02 - 2012-03-11 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-08-31 00:02 - 2011-10-21 21:45 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dungeon Defenders Demo
2014-08-31 00:02 - 2011-10-15 06:06 - 00000000 ____D () C:\Windows\Panther
2014-08-30 23:17 - 2013-12-12 20:42 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-08-30 23:17 - 2013-02-02 01:36 - 00000000 ____D () C:\Users\Robin\AppData\Local\Unity
2014-08-30 23:12 - 2014-04-19 22:14 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Samsung
2014-08-30 23:12 - 2014-04-19 22:12 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-30 23:12 - 2014-03-17 12:03 - 00000000 ____D () C:\Program Files (x86)\Evolus
2014-08-30 23:12 - 2011-10-14 20:13 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-08-30 23:09 - 2014-08-30 23:09 - 00000000 ____D () C:\ProgramData\Anvisoft
2014-08-30 23:09 - 2014-04-19 22:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-30 04:52 - 2012-05-22 16:14 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-08-30 03:15 - 2012-05-08 13:42 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-30 02:52 - 2014-08-30 02:52 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\LavasoftStatistics
2014-08-29 03:53 - 2014-08-08 21:02 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-29 03:52 - 2014-08-29 03:52 - 00000679 _____ () C:\Users\Robin\Robin - Shortcut.lnk
2014-08-28 15:54 - 2009-07-14 06:45 - 00298224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 20:49 - 2014-08-27 20:49 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-27 20:49 - 2014-08-27 20:49 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-27 20:49 - 2014-08-27 20:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-27 20:49 - 2014-08-27 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-27 20:49 - 2014-08-27 20:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-27 20:48 - 2012-09-18 01:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-27 20:40 - 2014-08-09 20:40 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-08-23 04:07 - 2014-08-27 20:04 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 20:04 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 20:04 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 08:52 - 2014-08-30 23:09 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys
2014-08-20 08:52 - 2014-08-20 08:52 - 00047632 _____ (Anvisoft) C:\Windows\system32\Drivers\asdids.sys
2014-08-20 02:18 - 2014-08-20 02:18 - 00001534 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-08-17 19:35 - 2014-08-17 19:35 - 00000000 ____D () C:\Users\Robin\Documents\Fax
2014-08-14 17:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 16:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 06:53 - 2013-08-14 18:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 06:53 - 2011-10-16 12:26 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 06:51 - 2014-05-06 18:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-10 14:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-08-09 02:57 - 2011-10-14 21:00 - 00064736 _____ () C:\Users\Robin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-08 21:03 - 2013-07-09 13:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Malwarebytes
2014-08-08 21:03 - 2013-07-09 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 20:48 - 2014-08-08 20:32 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Tunngle
2014-08-08 20:48 - 2011-10-14 21:17 - 00001096 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-08 20:48 - 2011-10-14 21:17 - 00000923 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-08 20:48 - 2011-10-14 20:11 - 00001417 _____ () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-08 20:40 - 2014-08-08 20:40 - 00003256 _____ () C:\Windows\System32\Tasks\GPUP
2014-08-08 20:37 - 2009-07-14 05:20 - 00000000 ___RD () C:\Users\Public\Libraries
2014-08-08 20:34 - 2014-08-08 20:34 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-08-08 20:32 - 2014-08-08 20:32 - 00000000 ____D () C:\Users\Robin\Documents\Tunngle
2014-08-08 20:27 - 2013-02-05 16:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 04:06 - 2014-08-14 03:33 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 03:33 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Robin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpkl6f.dll
C:\Users\Robin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-01 15:40

==================== End Of Log ============================

----------------------------------------------

 

Addition.txt:

 

Did not get this file, I believe I might have run this tool a couple of days ago, but I believe I deleted that file, at least can't find it through the use of the search-tool. (Only tried straight into the search-box, nothing in-depth.)

Anything I can do to reset this? In order to paste the log.

 

----------------------------------------------

 

How is your machine running now:

 

Well, it's fast, but it's always been fast as my computer specs are quite beefy. During the time I've had this malware, I've noticed a slow-down here and there, but can't really say it's gotten slow at times.


Edited by Robikar, 04 September 2014 - 08:08 PM.


#4 fireman4it

  • Malware Response Team

Posted 04 September 2014 - 09:50 PM

When I ask how it's running, I want to know: is the malware still causing the problems you came here for? :thumbup2:

 

 

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   2.3KB   2 downloads

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 Robikar

  • Topic Starter

Posted 04 September 2014 - 10:16 PM

fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Robin at 2014-09-05 05:04:35 Run:1
Running from C:\Users\Robin\Desktop\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2789722624-2755277622-3666452313-1000\...\Run: [AdobeBridge] => [X]
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: No Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} ->  No File
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
DPF: HKLM-x32 {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Robin\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
FF Plugin HKCU: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll No File
FF Plugin HKCU: ubisoft.com/uplaypc -> H:\Spill\Ubisoft Game Launcher\npuplaypc.dll ()
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-08-08] (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [247488 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [78016 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65216 2014-08-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\Elex-tech\YAC\iSafeNetFilter.sys [49320 2014-08-06] (Elex do Brasil Participações Ltda)
S3 CorsairCAHS1; system32\drivers\CAHS164.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 gfiark; system32\drivers\gfiark.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 USBPNPA; system32\drivers\CM10864.sys [X]
C:\Users\Robin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpkl6f.dll
C:\Users\Robin\AppData\Local\Temp\Quarantine.exe

*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-21-2789722624-2755277622-3666452313-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
===================================
Permissions for "HKLM\Software\\Microsoft\Internet Explorer\Main":

Owner: BUILTIN\Administrators

DACL(AI):

BUILTIN\Users    ALLOW    READ    (I)
BUILTIN\Users    ALLOW    READ    (CI-I-OI)
BUILTIN\Administrators    ALLOW    FULL    (I)
BUILTIN\Administrators    ALLOW    FULL    (CI-I-OI)
NT AUTHORITY\SYSTEM    ALLOW    FULL    (I)
NT AUTHORITY\SYSTEM    ALLOW    FULL    (CI-I-OI)
CREATOR OWNER    ALLOW    FULL    (CI-I-OI)

===================================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
===================================
Permissions for "HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main":

Owner: BUILTIN\Administrators

DACL(AI):

EVERYONE    ALLOW    READ    (NI)
EVERYONE    ALLOW    READ    (OI-CI-IO)
BUILTIN\Administrators    ALLOW    FULL    (NI)
BUILTIN\Administrators    ALLOW    FULL    (OI-CI-IO)
BUILTIN\Users    ALLOW    QUERY+SetValue+CreateSubKey+EnumSubKey+NOTIFY+CreateLink+READ    (NI)
BUILTIN\Users    ALLOW    EXECUTE+WRITE+READ    (OI-CI-IO)
BUILTIN\Users    ALLOW    READ    (I)
BUILTIN\Users    ALLOW    READ    (CI-I-OI)
BUILTIN\Administrators    ALLOW    FULL    (I)
BUILTIN\Administrators    ALLOW    FULL    (CI-I-OI)
NT AUTHORITY\SYSTEM    ALLOW    FULL    (I)
NT AUTHORITY\SYSTEM    ALLOW    FULL    (CI-I-OI)
CREATOR OWNER    ALLOW    FULL    (CI-I-OI)

===================================
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
===================================
Permissions for "HKCU\Software\Microsoft\Internet Explorer\Main":

Owner: BUILTIN\Administrators

DACL(AI):

BUILTIN\Administrators    ALLOW    FULL    (NI)
CREATOR OWNER    ALLOW    FULL    (CI-IO)
Robin-PC\Robin    ALLOW    FULL    (OI-CI-I)
NT AUTHORITY\SYSTEM    ALLOW    FULL    (OI-CI-I)
BUILTIN\Administrators    ALLOW    FULL    (OI-CI-I)
NT AUTHORITY\RESTRICTED    ALLOW    READ    (OI-CI-I)

===================================
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin" => Key deleted successfully.
C:\Users\Robin\AppData\Local\Citrix\Plugins\104\npappdetector.dll not found.
"HKCU\Software\MozillaPlugins\anvisoft.com/AdblockPlugin" => Key deleted successfully.
C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll not found.
"HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
H:\Spill\Ubisoft Game Launcher\npuplaypc.dll => Moved successfully.
iSafeService => Unable to stop service
iSafeService => Error deleting Service
PnkBstrA => Service stopped successfully.
PnkBstrA => Service deleted successfully.
iSafeKrnl => Unable to stop service
iSafeKrnl => Error deleting Service
iSafeKrnlKit => Unable to stop service
iSafeKrnlKit => Error deleting Service
iSafeKrnlR3 => Unable to stop service
iSafeKrnlR3 => Service deleted successfully.
iSafeNetFilter => Unable to stop service
iSafeNetFilter => Error deleting Service
CorsairCAHS1 => Service deleted successfully.
dgderdrv => Service deleted successfully.
esgiguard => Service deleted successfully.
gfiark => Service deleted successfully.
iSafeKrnlBoot => Service deleted successfully.
sbapifs => Service deleted successfully.
USBPNPA => Service deleted successfully.
C:\Users\Robin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzpkl6f.dll => Moved successfully.
C:\Users\Robin\AppData\Local\Temp\Quarantine.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

 

---------------------------------------------

 

As I described in the initial post, reproducing the effect of the malware was hard, as it popped up rarely. I'll notice over time if the performance stays stable as well as if I'll get another exclusive-rewards ad popping up again. This is why it's hard for me to conclude if the system is running well or not, as I barely noticed it earlier when it came to performance.

 

(Using Firefox, if that's relevant in this setting, as far as I know the malware you helped me now is strictly local, aka affecting all browsers? Either way, only noticed it happening in Firefox, but that's naturally due to me actively using that browser, and not Chrome and IE, which I also have installed.)

 

Anyways, made sure I had the fix-file as well as the frst64.exe in the same folder and ran the fix. Hopefully it will do the trick.

 

Out of curiosity, what kind of free protection are you recommending? Currently using Avast, Spybot: S&D (+ MS Essentials).


Edited by Robikar, 05 September 2014 - 11:46 AM.


#6 Robikar

  • Topic Starter

Posted 04 September 2014 - 10:48 PM

Just remembered that at times my USB-devices can disconnect for a second or two. This has happened to my charger cable on my headset, my keyboard and my mouse. Once or twice on both my keyboard and headset (seemingly every USB-device connected to the machine disconnected when this happened), and maybe 10ish times on my mouse. Since it's multiple devices, I'd guess it was malware that caused this and not a hardware related issue?


Edited by Robikar, 04 September 2014 - 10:51 PM.


#7 Robikar

  • Topic Starter

Posted 05 September 2014 - 09:09 PM

Bump :)



#8 fireman4it

  • Malware Response Team

Posted 05 September 2014 - 10:44 PM

 

Bump :)

Please don't bump your topic.

 

Please run FRST as you did the first time you ran it and post the FRST.txt.


" Extinguishing Malware from the world"



#9 Robikar

  • Topic Starter

Posted 06 September 2014 - 12:18 AM

Alright, sorry for the bump then.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Robin (administrator) on ROBIN-PC on 06-09-2014 07:16:44
Running from C:\Users\Robin\Desktop\fix-folder
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Hi-Rez Studios) H:\Spill\Hi-Rez-Studios\HiPatchService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Curse) C:\Users\Robin\AppData\Local\Apps\2.0\CR2J79ZZ.0AW\VC1WM6Z1.62R\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b6290e21932c\CurseClient.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) H:\Program Files (x86)\OpenOffice\program\soffice.exe
(OpenOffice.org) H:\Program Files (x86)\OpenOffice\program\soffice.bin
(Logitech, Inc.) H:\Logitech setpoint\SetPointG\SetPointII.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(TeamSpeak Systems GmbH) H:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Blizzard Entertainment) H:\Spill\Battle.net\Battle.net.4944\Battle.net.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3332\Agent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Blizzard Entertainment) H:\Spill\World of Warcraft\Wow-64.exe
(Blizzard Entertainment) H:\Spill\World of Warcraft\Utils\WowBrowserProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => H:\Logitech setpoint\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Corsair laver] => C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe [1780736 2012-05-22] (Corsair Components  Inc)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Corsair Headset Software] => C:\Program Files (x86)\Corsair\Corsair Headset Software\HeadsetControlPanel.exe [3167544 2014-02-12] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-03] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2789722624-2755277622-3666452313-1000\...\Run: [Easy-Hide-IP] => C:\Program Files (x86)\Easy-Hide-IP\easy-hide-ip.exe
HKU\S-1-5-21-2789722624-2755277622-3666452313-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-2789722624-2755277622-3666452313-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-2789722624-2755277622-3666452313-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> H:\Program Files (x86)\OpenOffice\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x27B41F4CE150CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll No File
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\olo48yqg.default-1409859280667
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Extension: WOT - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\olo48yqg.default-1409859280667\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-05]
FF Extension: Firebug - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\olo48yqg.default-1409859280667\Extensions\firebug@software.joehewitt.com.xpi [2014-09-05]
FF Extension: Firebug - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\firebug@software.joehewitt.com.xpi [2014-08-08]
FF Extension: Twitch TV Emoticon Panel - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\twitchtvemotes@killerud.com.xpi [2014-08-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-03]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: Default ->
CHR Profile: C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-10]
CHR Extension: (Google Drive) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-10]
CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-10]
CHR Extension: (Google Search) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-10]
CHR Extension: (avast! Online Security) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-03]
CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-03]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2014-09-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-03] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-09-03] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
U2 HiPatchService; H:\Spill\Hi-Rez-Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.5\my.ini [8919 2012-04-26] () [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-03] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-09-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-03] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-09-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-03] ()
R3 CorsairAudioFilter; C:\Windows\System32\DRIVERS\corsveng2kamd64.sys [109912 2014-02-03] (Corsair Components, Inc.)
R3 CORSGKB; C:\Windows\System32\drivers\CORSGKB.sys [25600 2012-03-27] ( )
S3 cxbu0x64; C:\Windows\System32\DRIVERS\cxbu0x64.sys [177920 2011-09-06] (HID Global Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 tap0901_openvpn_accl; C:\Windows\System32\DRIVERS\tap0901_openvpn_accl.sys [37912 2012-08-21] (The OpenVPN Project)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 18:05 - 2014-09-05 18:05 - 00000322 _____ () C:\Windows\PFRO.log
2014-09-05 18:05 - 2014-09-05 18:05 - 00000224 _____ () C:\Windows\setupact.log
2014-09-05 18:05 - 2014-09-05 18:05 - 00000000 ___RD () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-05 18:05 - 2014-09-05 18:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 05:43 - 2014-09-05 05:43 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-05 05:43 - 2014-09-05 05:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-05 05:42 - 2014-09-05 05:42 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-05 05:40 - 2014-09-05 05:40 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-09-05 05:06 - 2014-09-05 05:07 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\isafe
2014-09-05 05:00 - 2014-09-06 07:16 - 00000000 ____D () C:\Users\Robin\Desktop\fix-folder
2014-09-05 03:00 - 2014-09-05 03:13 - 00062059 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-09-05 02:58 - 2014-09-05 02:58 - 00000927 _____ () C:\Users\Robin\Desktop\JRT.txt
2014-09-05 02:54 - 2014-09-05 02:54 - 00000000 ____D () C:\Windows\ERUNT
2014-09-05 01:56 - 2014-09-05 01:56 - 00038138 _____ () C:\ComboFix.txt
2014-09-05 01:37 - 2014-09-06 07:16 - 00000000 ____D () C:\FRST
2014-09-04 16:22 - 2014-09-05 05:07 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-09-04 16:22 - 2014-09-05 02:48 - 00000000 ____D () C:\Windows\system32\log
2014-09-04 15:59 - 2014-09-05 01:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Nico Mak Computing
2014-09-04 06:01 - 2014-09-05 01:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 06:01 - 2014-09-04 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-04 06:01 - 2014-09-04 06:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 06:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-04 06:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-04 06:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-03 17:38 - 2014-09-03 17:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-03 15:43 - 2014-09-03 15:43 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-09-03 15:42 - 2014-09-03 15:42 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-09-03 15:42 - 2014-09-03 15:42 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-09-03 15:41 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-03 15:41 - 2014-09-03 15:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\AVAST Software
2014-09-03 15:40 - 2014-09-04 17:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-03 15:40 - 2014-09-03 15:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-03 15:40 - 2014-09-03 15:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 05:34 - 2014-09-02 05:34 - 00000000 ____D () C:\ProgramData\Auslogics
2014-09-02 05:23 - 2014-09-02 05:35 - 00000000 ____D () C:\Program Files (x86)\RegUtility
2014-09-02 03:15 - 2014-09-02 03:15 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\raidcall
2014-09-02 00:24 - 2014-09-06 02:00 - 00000000 ____D () C:\Users\Robin\AppData\Local\Adobe
2014-09-02 00:24 - 2014-09-04 15:27 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-02 00:01 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-02 00:01 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-02 00:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-02 00:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-02 00:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-02 00:01 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-02 00:01 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-02 00:01 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-01 23:58 - 2014-09-05 01:56 - 00000000 ____D () C:\Qoobox
2014-09-01 23:58 - 2014-09-02 00:07 - 00000000 ____D () C:\Windows\erdnt
2014-09-01 23:35 - 2014-09-05 18:16 - 00322619 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 23:31 - 2014-09-01 23:31 - 00004892 _____ () C:\Windows\system32\.crusader
2014-09-01 23:09 - 2014-09-01 23:09 - 00006200 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-09-01 22:12 - 2014-09-01 23:07 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 _____ () C:\autoexec.bat
2014-08-31 19:17 - 2014-08-31 19:21 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-30 23:10 - 2014-08-31 05:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-08-30 23:09 - 2014-08-31 00:04 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-08-30 23:09 - 2014-08-30 23:09 - 00000000 ____D () C:\ProgramData\Anvisoft
2014-08-30 23:09 - 2014-08-20 08:52 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys
2014-08-30 02:52 - 2014-08-30 02:52 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\LavasoftStatistics
2014-08-29 03:52 - 2014-08-29 03:52 - 00000679 _____ () C:\Users\Robin\Robin - Shortcut.lnk
2014-08-28 16:23 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-28 16:12 - 2014-09-05 02:48 - 00000000 ____D () C:\AdwCleaner
2014-08-27 20:49 - 2014-08-27 20:49 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-27 20:49 - 2014-08-27 20:49 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-27 20:49 - 2014-08-27 20:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-27 20:49 - 2014-08-27 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-27 20:48 - 2014-08-27 20:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-27 20:48 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-08-27 20:04 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 20:04 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 20:04 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 08:52 - 2014-08-20 08:52 - 00047632 _____ (Anvisoft) C:\Windows\system32\Drivers\asdids.sys
2014-08-20 02:18 - 2014-08-20 02:18 - 00001534 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-08-17 19:35 - 2014-08-17 19:35 - 00000000 ____D () C:\Users\Robin\Documents\Fax
2014-08-14 06:51 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 06:51 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 06:51 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 06:51 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 06:51 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 06:51 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 06:51 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 06:51 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 03:33 - 2014-08-07 04:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 03:33 - 2014-08-07 04:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 03:33 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 03:33 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 03:33 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 03:33 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 03:33 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 03:33 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 03:33 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 03:33 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 03:33 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 03:33 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 03:33 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 03:33 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 03:33 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 03:33 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 03:33 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 03:33 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 03:33 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 03:33 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 03:33 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 03:33 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 03:33 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 03:33 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 03:33 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 03:33 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 03:33 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 03:33 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 03:33 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 03:33 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 03:33 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 03:33 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 03:33 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 03:33 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 03:33 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 03:33 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 03:33 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 03:33 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 03:33 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 03:33 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 03:33 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 03:33 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 03:33 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 03:33 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 03:33 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 03:33 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 03:33 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 03:33 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 03:33 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 03:33 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 03:33 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 03:33 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 03:33 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 03:33 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 03:33 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 03:33 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 03:33 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 03:33 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 03:33 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 03:33 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 03:33 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 03:33 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 03:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 03:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 03:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 03:33 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 03:33 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 03:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 03:33 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 03:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 03:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 03:33 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 03:33 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 03:33 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 03:33 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 03:33 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 03:33 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 03:33 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 03:33 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 03:33 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 03:33 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 03:33 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 03:33 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 03:33 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-09 20:40 - 2014-08-27 20:40 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-08-08 21:02 - 2014-08-29 03:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-08 20:40 - 2014-08-08 20:40 - 00003256 _____ () C:\Windows\System32\Tasks\GPUP
2014-08-08 20:34 - 2014-08-08 20:34 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-08-08 20:32 - 2014-08-08 20:48 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Tunngle
2014-08-08 20:32 - 2014-08-08 20:32 - 00000000 ____D () C:\Users\Robin\Documents\Tunngle
2014-08-08 20:32 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 07:16 - 2014-09-05 05:00 - 00000000 ____D () C:\Users\Robin\Desktop\fix-folder
2014-09-06 07:16 - 2014-09-05 01:37 - 00000000 ____D () C:\FRST
2014-09-06 07:14 - 2013-12-04 17:28 - 00000000 ____D () C:\Users\Robin\AppData\Local\Battle.net
2014-09-06 07:06 - 2011-10-16 19:59 - 00000000 ____D () C:\Users\Robin\AppData\Local\Deployment
2014-09-06 07:05 - 2011-10-14 22:52 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Skype
2014-09-06 07:04 - 2013-10-10 19:25 - 00000990 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 07:04 - 2012-03-30 10:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 02:16 - 2012-08-19 04:13 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E3F159EA-DA14-4307-BCFE-2A23EAD85226}
2014-09-06 02:00 - 2014-09-02 00:24 - 00000000 ____D () C:\Users\Robin\AppData\Local\Adobe
2014-09-05 19:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-09-05 18:16 - 2014-09-01 23:35 - 00322619 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 18:12 - 2009-07-14 06:45 - 00032032 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 18:12 - 2009-07-14 06:45 - 00032032 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 18:11 - 2009-07-14 07:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-05 18:05 - 2014-09-05 18:05 - 00000322 _____ () C:\Windows\PFRO.log
2014-09-05 18:05 - 2014-09-05 18:05 - 00000224 _____ () C:\Windows\setupact.log
2014-09-05 18:05 - 2014-09-05 18:05 - 00000000 ___RD () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-05 18:05 - 2014-09-05 18:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 18:05 - 2013-10-11 02:23 - 00000000 _____ () C:\Windows\system32\Ikeext.etl
2014-09-05 18:05 - 2013-10-10 19:25 - 00000986 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 18:05 - 2012-03-31 11:47 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Dropbox
2014-09-05 18:05 - 2011-10-14 20:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-05 18:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 05:46 - 2012-04-22 16:43 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\TeamViewer
2014-09-05 05:44 - 2011-10-22 18:50 - 00000000 ____D () C:\Users\Robin\AppData\Local\CrashDumps
2014-09-05 05:43 - 2014-09-05 05:43 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-05 05:43 - 2014-09-05 05:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-05 05:43 - 2011-10-14 22:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-05 05:43 - 2011-10-14 22:52 - 00000000 ____D () C:\ProgramData\Skype
2014-09-05 05:43 - 2011-10-14 21:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-05 05:42 - 2014-09-05 05:42 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-05 05:42 - 2013-11-10 15:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-05 05:42 - 2013-11-10 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-09-05 05:42 - 2011-11-20 16:32 - 00000000 ____D () C:\Program Files\Java
2014-09-05 05:40 - 2014-09-05 05:40 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-09-05 05:27 - 2012-01-02 23:52 - 00007618 _____ () C:\Users\Robin\AppData\Local\Resmon.ResmonCfg
2014-09-05 05:07 - 2014-09-05 05:06 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\isafe
2014-09-05 05:07 - 2014-09-04 16:22 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-09-05 03:13 - 2014-09-05 03:00 - 00062059 _____ () C:\Users\Robin\Desktop\FRST.txt
2014-09-05 02:58 - 2014-09-05 02:58 - 00000927 _____ () C:\Users\Robin\Desktop\JRT.txt
2014-09-05 02:54 - 2014-09-05 02:54 - 00000000 ____D () C:\Windows\ERUNT
2014-09-05 02:52 - 2011-10-14 20:52 - 00000000 ____D () C:\Users\Robin\Desktop\Spill
2014-09-05 02:48 - 2014-09-04 16:22 - 00000000 ____D () C:\Windows\system32\log
2014-09-05 02:48 - 2014-08-28 16:12 - 00000000 ____D () C:\AdwCleaner
2014-09-05 02:41 - 2011-10-14 21:37 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\vlc
2014-09-05 02:40 - 2011-10-16 19:59 - 00000000 ____D () C:\Users\Robin\AppData\Local\Apps\2.0
2014-09-05 01:56 - 2014-09-05 01:56 - 00038138 _____ () C:\ComboFix.txt
2014-09-05 01:56 - 2014-09-01 23:58 - 00000000 ____D () C:\Qoobox
2014-09-05 01:56 - 2009-07-14 05:20 - 00000000 ___RD () C:\Users\Default
2014-09-05 01:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-05 01:41 - 2014-09-04 15:59 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Nico Mak Computing
2014-09-05 01:11 - 2014-09-04 06:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 17:23 - 2014-09-03 15:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-04 15:27 - 2014-09-02 00:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-04 06:01 - 2014-09-04 06:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-04 06:01 - 2014-09-04 06:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 05:52 - 2012-04-25 10:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 17:38 - 2014-09-03 17:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-03 15:53 - 2012-03-30 10:04 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-03 15:53 - 2012-03-30 10:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-03 15:53 - 2011-10-14 21:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-03 15:50 - 2011-10-14 20:48 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-03 15:50 - 2011-10-14 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-03 15:50 - 2011-10-14 20:48 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-03 15:43 - 2014-09-03 15:43 - 00001972 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-09-03 15:43 - 2014-09-03 15:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-03 15:42 - 2014-09-03 15:42 - 00448400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-09-03 15:42 - 2014-09-03 15:42 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-09-03 15:41 - 2014-09-03 15:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\AVAST Software
2014-09-03 15:40 - 2014-09-03 15:40 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-03 15:40 - 2014-09-03 15:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-03 15:40 - 2014-09-03 15:40 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-03 15:40 - 2011-10-14 21:28 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-03 15:40 - 2011-10-14 21:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-03 00:31 - 2012-09-18 01:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-03 00:27 - 2013-09-08 15:32 - 00000000 ____D () C:\Users\Robin\Desktop\Guild News
2014-09-02 05:35 - 2014-09-02 05:23 - 00000000 ____D () C:\Program Files (x86)\RegUtility
2014-09-02 05:34 - 2014-09-02 05:34 - 00000000 ____D () C:\ProgramData\Auslogics
2014-09-02 03:15 - 2014-09-02 03:15 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\raidcall
2014-09-02 03:15 - 2013-06-29 03:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
2014-09-02 00:24 - 2011-10-21 17:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-02 00:24 - 2011-10-21 17:20 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-02 00:07 - 2014-09-01 23:58 - 00000000 ____D () C:\Windows\erdnt
2014-09-01 23:34 - 2011-12-12 18:08 - 00000000 ____D () C:\Users\UpdatusUser.Robin-PC
2014-09-01 23:34 - 2011-10-29 00:36 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 23:33 - 2011-10-14 20:11 - 00000000 ____D () C:\Users\Robin
2014-09-01 23:31 - 2014-09-01 23:31 - 00004892 _____ () C:\Windows\system32\.crusader
2014-09-01 23:09 - 2014-09-01 23:09 - 00006200 _____ () C:\Windows\system32\Drivers\kgpcpy.cfg
2014-09-01 23:07 - 2014-09-01 22:12 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-01 22:17 - 2013-10-10 19:25 - 00000000 ____D () C:\Users\Robin\AppData\Local\Google
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-01 22:12 - 2014-09-01 22:12 - 00000000 _____ () C:\autoexec.bat
2014-09-01 22:07 - 2011-10-14 21:17 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Mozilla
2014-08-31 19:33 - 2012-03-28 22:41 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-08-31 19:21 - 2014-08-31 19:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-31 18:22 - 2014-04-19 22:14 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-08-31 05:27 - 2014-08-30 23:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-08-31 00:04 - 2014-08-30 23:09 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-08-31 00:02 - 2013-12-17 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Texmaker
2014-08-31 00:02 - 2013-05-25 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
2014-08-31 00:02 - 2013-02-23 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
2014-08-31 00:02 - 2012-09-17 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-08-31 00:02 - 2012-08-12 19:16 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-08-31 00:02 - 2012-04-20 23:33 - 00000000 ____D () C:\Users\Robin\Desktop\Skole
2014-08-31 00:02 - 2012-03-31 11:47 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-31 00:02 - 2012-03-11 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-08-31 00:02 - 2011-10-21 21:45 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dungeon Defenders Demo
2014-08-31 00:02 - 2011-10-15 06:06 - 00000000 ____D () C:\Windows\Panther
2014-08-30 23:17 - 2013-12-12 20:42 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-08-30 23:17 - 2013-02-02 01:36 - 00000000 ____D () C:\Users\Robin\AppData\Local\Unity
2014-08-30 23:12 - 2014-04-19 22:14 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Samsung
2014-08-30 23:12 - 2014-04-19 22:12 - 00000000 ____D () C:\ProgramData\Samsung
2014-08-30 23:12 - 2014-03-17 12:03 - 00000000 ____D () C:\Program Files (x86)\Evolus
2014-08-30 23:12 - 2011-10-14 20:13 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-08-30 23:09 - 2014-08-30 23:09 - 00000000 ____D () C:\ProgramData\Anvisoft
2014-08-30 23:09 - 2014-04-19 22:19 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-08-30 04:52 - 2012-05-22 16:14 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-08-30 03:15 - 2012-05-08 13:42 - 00000000 ____D () C:\ProgramData\ABBYY
2014-08-30 02:52 - 2014-08-30 02:52 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\LavasoftStatistics
2014-08-29 03:53 - 2014-08-08 21:02 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-29 03:52 - 2014-08-29 03:52 - 00000679 _____ () C:\Users\Robin\Robin - Shortcut.lnk
2014-08-28 15:54 - 2009-07-14 06:45 - 00298224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 20:49 - 2014-08-27 20:49 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-27 20:49 - 2014-08-27 20:49 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-27 20:49 - 2014-08-27 20:49 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-08-27 20:49 - 2014-08-27 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-27 20:49 - 2014-08-27 20:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-27 20:48 - 2012-09-18 01:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-08-27 20:40 - 2014-08-09 20:40 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-08-23 04:07 - 2014-08-27 20:04 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 20:04 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 20:04 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 08:52 - 2014-08-30 23:09 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys
2014-08-20 08:52 - 2014-08-20 08:52 - 00047632 _____ (Anvisoft) C:\Windows\system32\Drivers\asdids.sys
2014-08-20 02:18 - 2014-08-20 02:18 - 00001534 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2014-08-17 19:35 - 2014-08-17 19:35 - 00000000 ____D () C:\Users\Robin\Documents\Fax
2014-08-14 17:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-14 16:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 06:53 - 2013-08-14 18:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 06:53 - 2011-10-16 12:26 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 06:51 - 2014-05-06 18:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-10 14:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2014-08-09 02:57 - 2011-10-14 21:00 - 00064736 _____ () C:\Users\Robin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-08 21:03 - 2013-07-09 13:41 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Malwarebytes
2014-08-08 21:03 - 2013-07-09 13:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-08 20:48 - 2014-08-08 20:32 - 00000000 ____D () C:\Users\Robin\AppData\Roaming\Tunngle
2014-08-08 20:48 - 2011-10-14 21:17 - 00001096 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-08 20:48 - 2011-10-14 21:17 - 00000923 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-08 20:48 - 2011-10-14 20:11 - 00001417 _____ () C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-08 20:40 - 2014-08-08 20:40 - 00003256 _____ () C:\Windows\System32\Tasks\GPUP
2014-08-08 20:37 - 2009-07-14 05:20 - 00000000 ___RD () C:\Users\Public\Libraries
2014-08-08 20:34 - 2014-08-08 20:34 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-08-08 20:32 - 2014-08-08 20:32 - 00000000 ____D () C:\Users\Robin\Documents\Tunngle
2014-08-08 20:27 - 2013-02-05 16:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-07 04:06 - 2014-08-14 03:33 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 04:01 - 2014-08-14 03:33 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Robin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvme0eq.dll
C:\Users\Robin\AppData\Local\Temp\HitmanPro.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-01 15:40

==================== End Of Log ============================



#10 fireman4it

  • Malware Response Team

Posted 06 September 2014 - 10:07 AM

That log looks a lot better. Let's check for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats IS checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 Robikar

  • Topic Starter


Posted 06 September 2014 - 11:24 AM

Did not get prompted to restart as Malwarebytes didn't find anything. (My trial has expired, but that's the premium features only I believe, so the scan + removal should still work).

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06.09.2014
Scan Time: 17:58:53
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.06.05
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Robin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408399
Time Elapsed: 4 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

---------------------------------------------------

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=527ceb619a6ba048bc05cc53575d1a84
# engine=20031
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-06 05:47:39
# local_time=2014-09-06 07:47:39 (+0100, W. Europe Daylight Time)
# country="Norway"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 96 92391 6223944 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 12702796 104206869 0 0
# scanned=435966
# found=5
# cleaned=5
# scan_time=5277
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-2789722624-2755277622-3666452313-1000\$R84OANY.exe"
sh=4DE1F1CF6AEF412F65B95C6D2265410282FFA14F ft=1 fh=5b1ba356a60ab91d vn="Win32/Packed.Autoit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Robin\Desktop\Spill\Bot\Fishbot\Data\Updater\Updater.exe"
sh=AF580F052D04DEC031DEFC39A53CBEDECE7C8E90 ft=1 fh=30c2b2a5ec4dcb1e vn="Win32/Packed.Autoit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Robin\Desktop\Spill\Bot\Fishbot\ProfileEditor\Editor.exe"
sh=4DE1F1CF6AEF412F65B95C6D2265410282FFA14F ft=1 fh=5b1ba356a60ab91d vn="Win32/Packed.Autoit.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Robin\Desktop\Spill\Bot\Fishbot\ProfileEditor\data\Updater.exe"
sh=A54B224DA5C9B30677FA1F3B456AF451D1362991 ft=1 fh=0400aaad7ffa6627 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="H:\Platinum Hide IP v3.1.1.8\PlatinumHideIP-3.1.1.8.Setup.exe"
 


Edited by Robikar, 06 September 2014 - 01:01 PM.
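
Added example, not part of the thread and not ESET's own tooling: a small Python parser for an ESET Online Scanner log in the layout posted above. It checks the header against the options the helper asked for, compares the `found` and `cleaned` counters with the detection lines, and groups detections by hash. The field meanings (`sh` as the file's SHA-1, `vn` as detection name plus outcome, `ac` as action, `fn` as path) and the mapping of `*_checked` keys to the scan options are inferred from the posted log and are assumptions; the sample log is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ESET Online Scanner log above.
# Hashes, detection names and paths are made up for illustration.
SAMPLE_LOG = r'''all ok
# product=EOS
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=1000
# found=3
# cleaned=3
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Win32/Example.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Example\Desktop\tool\Updater.exe"
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="Win32/Example.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Example\Desktop\tool\data\Updater.exe"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="a variant of Win32/Example.Toolbar.B potentially unsafe application (deleted - quarantined)" ac=C fn="H:\Example Setup\setup.exe"
'''

# Header keys assumed to correspond to the options the helper asked to enable.
REQUESTED_SETTINGS = ('remove_checked', 'archives_checked', 'unwanted_checked',
                      'unsafe_checked', 'antistealth_checked')

HEADER_RE = re.compile(r'^#\s*(\w+)=(.*)$')
# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# vn looks like: [a variant of ]<name> <category> (<outcome>)
VN_RE = re.compile(r'^(?:a variant of )?(?P<name>\S+)\s*(?P<category>.*?)\s*'
                   r'\((?P<outcome>[^)]*)\)$')


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        if not line.startswith('sh='):
            continue  # free-text lines such as "all ok"
        fields = {k: (quoted or bare) for k, quoted, bare in FIELD_RE.findall(line)}
        vn = VN_RE.match(fields.get('vn', ''))
        detections.append({
            'sha1': fields.get('sh', '').lower(),
            'path': fields.get('fn', ''),
            'action': fields.get('ac', ''),
            'name': vn.group('name') if vn else fields.get('vn', ''),
            'category': vn.group('category') if vn else '',
            'outcome': vn.group('outcome') if vn else '',
        })
    return header, detections


def triage(header, detections):
    """List discrepancies a reviewer would want to ask about."""
    findings = []
    for key in REQUESTED_SETTINGS:
        if header.get(key) != 'true':
            findings.append(f'setting {key}={header.get(key)!r}, requested true')
    found = int(header.get('found', -1))
    cleaned = int(header.get('cleaned', -1))
    if found != len(detections):
        findings.append(f'header says found={found}, log lists {len(detections)}')
    if cleaned != found:
        findings.append(f'cleaned={cleaned} differs from found={found}')
    return findings


def unique_samples(detections):
    """Group detection paths by file hash so copies of one file count once."""
    groups = defaultdict(lambda: {'name': '', 'category': '', 'paths': []})
    for d in detections:
        g = groups[d['sha1']]
        g['name'], g['category'] = d['name'], d['category']
        g['paths'].append(d['path'])
    return dict(groups)


if __name__ == '__main__':
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for sha1, g in unique_samples(dets).items():
        print(f"{g['name']} [{g['category']}] sha1={sha1} copies={len(g['paths'])}")
    for finding in triage(hdr, dets):
        print('CHECK:', finding)
```
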


#12 fireman4it

  • Malware Response Team

Posted 06 September 2014 - 01:51 PM

Hello, Robikar.
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess

 

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

 

  • Download OTC by OldTimer and save it to your desktop.
  • Double click OTC_Icon.jpg icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big CleanUp.jpg button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

 

 

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

 

 

One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on.  Whether these things are files or sites it doesn't really matter.  If something is out to get you, and you click on it, it most likely will. 

Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.  For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert.  When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge.  You can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right-click and choose Close.
  • Do not visit pornographic websites.  I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites.  I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you.  It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection.  Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money.  By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.


Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.



Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:


Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running.  This alone can save you a lot of trouble with malware in the future. 
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one). This is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones, see this link: Understanding and Using Firewalls.

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.  Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java).  You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.
 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
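The restore-point steps in the post above can also be scripted. The following is an added example, not part of the original post or of any tool the thread used; it assumes an elevated Windows PowerShell session with System Restore enabled, and the description string and the `Win32.SystemRestore` wrapper name are constructed for illustration.

```powershell
# Run from an elevated Windows PowerShell prompt (these cmdlets are not in PowerShell 7).
# Assumption: System Restore is enabled on the system drive.

# Constructed label for the new restore point; pick any name you will recognise.
$description = 'Clean state after malware removal'

# 1. Create the restore point on the cleaned system.
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# 2. List all restore points, oldest first, and confirm the newest is the one just made.
#    On Windows 8 and later, Checkpoint-Computer skips creation (with a warning) if a
#    point was already made in the last 24 hours, so verify before deleting anything.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
if ($points.Count -eq 0) { throw 'No restore points found; is System Restore enabled?' }
$newest = $points[-1]
if ($newest.Description -ne $description) {
    throw "Newest restore point is '$($newest.Description)'; nothing was deleted."
}

# 3. Remove every older restore point through the System Restore API in srclient.dll.
#    Win32.SystemRestore is a hypothetical wrapper name chosen for this example.
Add-Type -Namespace Win32 -Name SystemRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint dwRPNum);
'@

foreach ($p in $points) {
    if ($p.SequenceNumber -eq $newest.SequenceNumber) { continue }
    $rc = [Win32.SystemRestore]::SRRemoveRestorePoint($p.SequenceNumber)
    if ($rc -eq 0) {
        Write-Host "Removed #$($p.SequenceNumber): $($p.Description)"
    } else {
        Write-Warning "Could not remove #$($p.SequenceNumber) (error $rc)"
    }
}

# 4. Show what is left; only the new, clean restore point should remain.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

The description check in step 2 is what keeps an older, possibly infected restore point from being treated as the clean one when creation was skipped.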


#13 Robikar


Posted 06 September 2014 - 02:14 PM

As I mentioned earlier in this thread, do you think my issues with my USB-devices disconnecting at times can have anything to do with this? Haven't noticed it yet since I got help, but it didn't happen super often, therefore I can't conclude on it yet. What I'm trying to say is if it's common for malware to do this or not?

 

Other than that I have to make it clear of how much I appreciate people like the volunteers here on bleeping computer to actually spend time to help others, you truly have my thanks! :)



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:47 AM

Posted 06 September 2014 - 02:22 PM

 

As I mentioned earlier in this thread, do you think my issues with my USB-devices disconnecting at times can have anything to do with this?

It is very rare for malware to affect a USB device unless it was infected already. None of the logs showed any infection on the USB device.


" Extinguishing Malware from the world"



#15 Robikar


Posted 06 September 2014 - 02:38 PM

 

 

As I mentioned earlier in this thread, do you think my issues with my USB-devices disconnecting at times can have anything to do with this?

It is very rare for malware to affect a USB device unless it was infected already. None of the logs showed any infection on the USB device.

 

 

Might've been something I removed before I got there for help then. Found some bleep to clean up in the registry before I came here for help. Either way, haven't had the mouse disconnecting for a while, so hopefully it isn't hardware related. :)


Edited by Robikar, 06 September 2014 - 02:40 PM.




