
MyPCBackup and YTD Video Downloader


  • This topic is locked
7 replies to this topic

#1 Kytari


Posted 12 December 2014 - 12:27 PM

So I checked my files with AdwCleaner after uninstalling YTD Video Downloader. A friend of mine said that Adw could break my OS (delete system files and such), so I want to know if it's safe to remove these files/tasks/registry keys. Also I would like to know if I have any other viruses. Before I ran the scan with AdwCleaner, I also ran MalwareBytes. It found 1 file, "YTDinstaller.exe". I put it in Quarantine.

 

Here is the link to pastebin where I pasted the log. (I don't want to use too much space on this page)

http://pastebin.com/r4M4indX

 

EDIT: I Googled the task "LaunchSignup" and I traced it to MyPcBackup, which was installed with some other program.


Edited by Kytari, 12 December 2014 - 12:28 PM.



#2 nasdaq


Posted 17 December 2014 - 10:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please get the latest version of AdwCleaner.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.
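
An added example, not part of nasdaq's post or of AdwCleaner itself: reviewing a report before clicking Clean can be scripted by parsing it into sections and setting aside entries that sit in operating-system locations for a manual look. It assumes the report uses the `***** [ Section ] *****` headers and `Kind Status : item` lines seen in the log posted later in this thread; the sample report is constructed, and the list of "sensitive" prefixes is an illustrative assumption.

```python
import re
from collections import defaultdict

# Section header as it appears in the thread's log: ***** [ Registry ] *****
SECTION_RE = re.compile(r"^\*+ \[ (.+?) \] \*+$")
# Entry line: "<Kind> <Status> : [x64] <item>", e.g. "Key Deleted : HKLM\..."
ENTRY_RE = re.compile(r"^(\w+) (\w+) : (?:\[x64\] )?(.+)$")

# Illustrative assumption: prefixes treated as operating-system locations
# that deserve a manual look before anything is removed.
SENSITIVE_PREFIXES = (
    "c:\\windows\\",
    "hklm\\system\\",
    "hklm\\software\\microsoft\\windows nt\\",
    "hklm\\software\\microsoft\\windows\\currentversion\\",
)

# Constructed sample in the layout of the thread's log. The C:\Windows entry
# is invented to show the flagging; it is not from the real report.
SAMPLE_REPORT = r"""
# AdwCleaner v4.105 - Report (constructed sample)
***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications
File Deleted : C:\Windows\System32\constructed-example.dll

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
"""


def parse_report(text):
    """Return {section: [(kind, status, item), ...]} for a report in this layout."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forums insert
        if not line or line.startswith("#"):
            continue  # blank lines and "# ..." header/footer lines
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current]  # record the section even if it stays empty
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append(entry.groups())
    return dict(sections)


def needs_manual_review(item):
    """True when the path or registry key starts with a sensitive prefix."""
    return item.lower().startswith(SENSITIVE_PREFIXES)


def triage(text):
    """Split report entries into (flagged, routine) lists of (section, kind, item)."""
    flagged, routine = [], []
    for section, entries in parse_report(text).items():
        for kind, _status, item in entries:
            bucket = flagged if needs_manual_review(item) else routine
            bucket.append((section, kind, item))
    return flagged, routine


if __name__ == "__main__":
    flagged, routine = triage(SAMPLE_REPORT)
    for section, kind, item in flagged:
        print(f"REVIEW  [{section}] {kind}: {item}")
    print(f"{len(routine)} other entries outside the flagged locations")
```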

#3 Kytari


Posted 17 December 2014 - 03:11 PM

AdwCleaner log:

 

# AdwCleaner v4.105 - Report created 17/12/2014 at 21:45:55

# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kytari - KYTARI-PC
# Running from : C:\Users\Kytari\Downloads\adwcleaner_4.105.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Kytari\Documents\Updater
Folder Deleted : C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
Task Deleted : update-sys
Task Deleted : update-S-1-5-21-2847481496-1715709754-865589202-1000
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\OCS
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [3625 octets] - [12/12/2014 19:06:01]
AdwCleaner[R1].txt - [3685 octets] - [12/12/2014 19:08:04]
AdwCleaner[R2].txt - [3971 octets] - [17/12/2014 21:36:35]
AdwCleaner[R3].txt - [4031 octets] - [17/12/2014 21:42:04]
AdwCleaner[S0].txt - [3906 octets] - [17/12/2014 21:45:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3966 octets] ##########

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014

Ran by Kytari (administrator) on KYTARI-PC on 17-12-2014 21:56:06
Running from C:\Users\Kytari\Desktop\FarBar
Loaded Profile: Kytari (Available profiles: Kytari)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: suomi (Suomi)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\BecHelperService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
() C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\LoggerServer.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(ASUS) C:\Windows\AsScrPro.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Spotify Ltd) C:\Users\Kytari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
() C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Birdstep) C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\Wilog.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-31] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [983200 2011-11-30] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-11-30] (Atheros Commnucations)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-25] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2847481496-1715709754-865589202-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6228832 2014-10-10] (Binary Fortress Software)
HKU\S-1-5-21-2847481496-1715709754-865589202-1000\...\Run: [AliceConnect] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [6228832 2014-10-10] (Binary Fortress Software)
HKU\S-1-5-21-2847481496-1715709754-865589202-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2847481496-1715709754-865589202-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-12-11] ()
HKU\S-1-5-21-2847481496-1715709754-865589202-1000\...\Run: [Spotify Web Helper] => C:\Users\Kytari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-2847481496-1715709754-865589202-1000\...\MountPoints2: {ecbb3a78-2625-11e4-ad85-94dbc9b3241d} - E:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe ()
Startup: C:\Users\Kytari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2847481496-1715709754-865589202-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-2847481496-1715709754-865589202-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/fi-fi/?ocid=iehp
HKU\S-1-5-21-2847481496-1715709754-865589202-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2847481496-1715709754-865589202-1000 -> {330CDB71-66F6-429F-BFAE-858BDBFD7B40} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-tilin kirjautumisapuohjelma -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
Tcpip\..\Interfaces\{2D62556D-78A2-4493-94E1-D56517DC39BB}: [NameServer] 195.197.54.100 195.74.0.47
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-10-06]
CHR Extension: (Google-dokumentit) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-15]
CHR Extension: (Google Drive) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-15]
CHR Extension: (James White) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm [2014-11-05]
CHR Extension: (YouTube) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-15]
CHR Extension: (Adblock Plus) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-15]
CHR Extension: (Google-haku) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-15]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-09-07]
CHR Extension: (Avast Online Security) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-28]
CHR Extension: (Better Battlelog (BBLog)) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjlfnjepjdmlppapoikepbaabbghofma [2014-09-23]
CHR Extension: (Google Wallet) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]
CHR Extension: (Gmail) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-13]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-11-29] (Adobe Systems) [File not signed]
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-04] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-11-30] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-13] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-13] (Avast Software)
R2 BecHelperService; C:\Program Files (x86)\Elisa\Mobiililaajakaista-ohjelma\BecHelperService.exe [1286144 2013-05-27] () [File not signed]
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [2872688 2014-10-10] (Binary Fortress Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-29] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-09-23] ()
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-11-30] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-13] ()
R3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [240128 2013-01-29] (Huawei Technologies Co., Ltd.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-10] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-06-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-13] (Avast Software)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 21:50 - 2014-12-17 21:56 - 00000000 ____D () C:\FRST
2014-12-17 21:50 - 2014-12-17 21:50 - 00000197 _____ () C:\Windows\system32\2014-12-17-19-50-02.073-AvastVBoxSVC.exe-4496.log
2014-12-17 21:45 - 2014-12-17 21:46 - 00004066 _____ () C:\Users\Kytari\Desktop\AdwCleaner[S0].txt
2014-12-17 21:43 - 2014-12-17 21:56 - 00000000 ____D () C:\Users\Kytari\Desktop\FarBar
2014-12-17 21:43 - 2014-12-17 21:44 - 02121216 _____ (Farbar) C:\Users\Kytari\Downloads\FRST64.exe
2014-12-17 21:31 - 2014-12-17 21:32 - 02166272 _____ () C:\Users\Kytari\Downloads\adwcleaner_4.105.exe
2014-12-17 20:50 - 2014-12-17 20:50 - 00000197 _____ () C:\Windows\system32\2014-12-17-18-50-47.040-AvastVBoxSVC.exe-3664.log
2014-12-17 15:12 - 2014-12-17 15:12 - 00000197 _____ () C:\Windows\system32\2014-12-17-13-12-30.089-AvastVBoxSVC.exe-3856.log
2014-12-17 07:49 - 2014-12-17 07:49 - 00000197 _____ () C:\Windows\system32\2014-12-17-05-49-37.060-AvastVBoxSVC.exe-4428.log
2014-12-16 19:48 - 2014-12-16 19:48 - 00067728 _____ () C:\Users\Kytari\Downloads\SEUS-v10.1-Standard.zip
2014-12-16 19:44 - 2014-12-16 19:44 - 00031061 _____ () C:\Users\Kytari\Downloads\SEUS v10.0 Lite.zip
2014-12-16 19:29 - 2014-12-16 19:29 - 00221141 _____ () C:\Users\Kytari\Downloads\ShadersModCore-v2.3.30-mc1.7.2-f.jar
2014-12-16 17:37 - 2014-12-16 17:37 - 00000197 _____ () C:\Windows\system32\2014-12-16-15-37-45.090-AvastVBoxSVC.exe-3640.log
2014-12-16 14:55 - 2014-12-16 14:55 - 00000247 _____ () C:\Windows\system32\2014-12-16-12-55-28.000-aswFe.exe-2288.log
2014-12-16 14:45 - 2014-12-16 14:55 - 00000247 _____ () C:\Windows\system32\2014-12-16-12-45-52.026-aswFe.exe-4500.log
2014-12-16 14:45 - 2014-12-16 14:45 - 00000197 _____ () C:\Windows\system32\2014-12-16-12-45-44.068-AvastVBoxSVC.exe-516.log
2014-12-15 14:30 - 2014-12-15 14:30 - 00000197 _____ () C:\Windows\system32\2014-12-15-12-30-13.065-AvastVBoxSVC.exe-3992.log
2014-12-14 09:27 - 2014-12-14 09:27 - 00000197 _____ () C:\Windows\system32\2014-12-14-07-27-14.024-AvastVBoxSVC.exe-3608.log
2014-12-13 17:06 - 2014-12-13 17:06 - 00000197 _____ () C:\Windows\system32\2014-12-13-15-06-29.051-AvastVBoxSVC.exe-4068.log
2014-12-13 12:02 - 2014-12-13 12:02 - 00000247 _____ () C:\Windows\system32\2014-12-13-10-02-16.052-aswFe.exe-4124.log
2014-12-13 11:57 - 2014-12-13 12:02 - 00000247 _____ () C:\Windows\system32\2014-12-13-09-57-24.029-aswFe.exe-3272.log
2014-12-13 11:57 - 2014-12-13 11:57 - 00000197 _____ () C:\Windows\system32\2014-12-13-09-57-21.090-AvastVBoxSVC.exe-1980.log
2014-12-13 11:52 - 2014-12-13 11:52 - 00000247 _____ () C:\Windows\system32\2014-12-13-09-52-35.013-aswFe.exe-4872.log
2014-12-13 11:48 - 2014-12-13 11:51 - 00000247 _____ () C:\Windows\system32\2014-12-13-09-48-56.045-aswFe.exe-4816.log
2014-12-13 11:48 - 2014-12-13 11:48 - 00000197 _____ () C:\Windows\system32\2014-12-13-09-48-50.006-AvastVBoxSVC.exe-4484.log
2014-12-13 11:31 - 2014-12-13 11:31 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-13 11:31 - 2014-12-13 11:31 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-13 08:52 - 2014-12-17 21:47 - 00003696 _____ () C:\Windows\PFRO.log
2014-12-12 19:05 - 2014-12-17 21:49 - 00000000 ____D () C:\AdwCleaner
2014-12-12 18:39 - 2014-12-17 21:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-12 18:38 - 2014-12-12 18:38 - 00001105 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-12 18:38 - 2014-12-12 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-12 18:38 - 2014-12-12 18:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-12 18:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-12 18:38 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-12 18:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-12 16:15 - 2014-12-14 18:46 - 00000000 ____D () C:\Users\Kytari\AppData\Local\SteelSeries Engine 3 Client
2014-12-12 16:15 - 2014-12-12 16:15 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2014-12-12 16:15 - 2014-12-12 16:15 - 00000000 ____D () C:\Users\admin
2014-12-12 16:14 - 2014-12-12 16:15 - 00005196 _____ () C:\Windows\DPINST.LOG
2014-12-12 16:14 - 2014-12-12 16:14 - 00000000 ____D () C:\ProgramData\SteelSeries
2014-12-12 16:14 - 2014-12-12 16:14 - 00000000 ____D () C:\Program Files\SteelSeries
2014-12-12 14:34 - 2014-12-12 14:34 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 21:28 - 2014-10-18 04:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 21:28 - 2014-10-18 03:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 19:19 - 2014-12-11 19:20 - 00000000 ____D () C:\Program Files (x86)\puush
2014-12-11 19:19 - 2014-12-11 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\puush
2014-12-11 18:19 - 2014-12-04 04:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 18:19 - 2014-12-04 04:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 18:19 - 2014-12-04 04:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 18:19 - 2014-12-04 04:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 18:19 - 2014-12-04 04:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 18:19 - 2014-12-04 04:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 18:19 - 2014-12-04 04:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 18:19 - 2014-12-02 01:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 18:19 - 2014-11-27 03:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 18:19 - 2014-11-27 03:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 18:19 - 2014-11-22 05:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 18:19 - 2014-11-22 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 18:19 - 2014-11-22 05:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 18:19 - 2014-11-22 04:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 18:19 - 2014-11-22 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 18:19 - 2014-11-22 04:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 18:19 - 2014-11-22 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 18:19 - 2014-11-22 04:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 18:19 - 2014-11-22 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 18:19 - 2014-11-22 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 18:19 - 2014-11-22 04:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 18:19 - 2014-11-22 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 18:19 - 2014-11-22 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 18:19 - 2014-11-22 04:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 18:19 - 2014-11-22 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 18:19 - 2014-11-22 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 18:19 - 2014-11-22 04:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 18:19 - 2014-11-22 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 18:19 - 2014-11-22 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 18:19 - 2014-11-22 04:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 18:19 - 2014-11-22 04:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 18:19 - 2014-11-22 04:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 18:19 - 2014-11-22 04:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 18:19 - 2014-11-22 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 18:19 - 2014-11-22 04:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 18:19 - 2014-11-22 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 18:19 - 2014-11-22 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 18:19 - 2014-11-22 04:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 18:19 - 2014-11-22 03:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 18:19 - 2014-11-22 03:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 18:19 - 2014-11-22 03:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 18:19 - 2014-11-22 03:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 18:19 - 2014-11-22 03:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 18:19 - 2014-11-22 03:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 18:19 - 2014-11-22 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 18:19 - 2014-11-22 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 18:19 - 2014-11-22 03:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 18:19 - 2014-11-22 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 18:19 - 2014-11-22 03:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 18:19 - 2014-11-22 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 18:19 - 2014-11-22 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 18:19 - 2014-11-22 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 18:19 - 2014-11-22 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 18:19 - 2014-11-22 03:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 18:19 - 2014-11-22 03:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 18:19 - 2014-11-22 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 18:19 - 2014-11-22 03:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 18:19 - 2014-11-22 03:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 18:19 - 2014-11-22 03:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 18:19 - 2014-11-22 03:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 18:19 - 2014-11-22 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 18:19 - 2014-11-22 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 18:19 - 2014-11-22 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 18:19 - 2014-11-22 02:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 18:19 - 2014-11-11 05:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 18:19 - 2014-11-11 04:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 18:19 - 2014-11-11 03:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 18:17 - 2014-11-08 05:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 18:17 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 18:17 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 18:17 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 18:17 - 2014-10-03 04:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 18:17 - 2014-10-03 04:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 18:17 - 2014-10-03 04:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 18:17 - 2014-10-03 04:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 18:17 - 2014-10-03 04:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 18:17 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 18:17 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 18:17 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 18:17 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 18:17 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 14:08 - 2014-12-10 14:08 - 00009281 _____ () C:\Users\Kytari\AppData\Local\recently-used.xbel
2014-12-09 22:02 - 2014-12-10 14:08 - 05509648 _____ () C:\Users\Kytari\Downloads\Channel art - kytari.xcf
2014-12-09 16:53 - 2014-12-09 16:53 - 00363952 _____ () C:\Users\Kytari\Downloads\Alan Walker - Fade.mp3.sfk
2014-12-09 16:23 - 2014-12-09 17:36 - 00000059 _____ () C:\Users\Kytari\AppData\Local\UserProducts.xml
2014-12-09 16:23 - 2014-12-09 16:23 - 00000003 _____ () C:\Users\Kytari\AppData\Local\updater.log
2014-12-09 16:23 - 2014-12-09 16:23 - 00000000 ____D () C:\Program Files (x86)\Skillbrains
2014-12-07 22:29 - 2014-12-07 22:29 - 00000000 ____D () C:\Users\Kytari\AppData\Local\Microsoft Help
2014-12-07 22:29 - 2014-12-07 22:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-07 21:35 - 2014-12-07 21:38 - 00000000 ____D () C:\Users\Kytari\Documents\Projektit
2014-12-07 19:10 - 2014-12-07 19:10 - 00035424 _____ () C:\Users\Kytari\Downloads\bankgthd.ttf
2014-12-07 10:45 - 2014-12-07 10:47 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\Notepad++
2014-12-07 10:45 - 2014-12-07 10:46 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-12-07 10:45 - 2014-12-07 10:45 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-12-07 10:45 - 2014-12-07 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-12-06 14:15 - 2014-12-06 14:15 - 00000221 _____ () C:\Users\Kytari\Desktop\Skyrim.url
2014-12-03 13:57 - 2014-12-17 21:47 - 00001783 _____ () C:\Windows\setupact.log
2014-12-03 13:57 - 2014-12-03 13:57 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-02 17:21 - 2014-12-02 17:21 - 00000893 _____ () C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2014-11-29 19:15 - 2014-11-29 19:51 - 00440096 _____ () C:\Users\Kytari\Downloads\Electro-Light - Symbolism.mp3.sfk
2014-11-29 13:30 - 2014-11-29 13:30 - 00003111 _____ () C:\Users\Kytari\Desktop\Dolphin.lnk
2014-11-29 13:28 - 2014-11-29 13:29 - 00000000 ____D () C:\Users\Kytari\AppData\Local\Adobe
2014-11-29 13:26 - 2014-11-29 13:26 - 00002088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-11-29 13:26 - 2014-11-29 13:26 - 00002070 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-11-29 13:26 - 2014-11-29 13:26 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-11-29 13:26 - 2014-11-29 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-11-29 13:25 - 2014-11-29 13:25 - 00002048 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-11-29 13:25 - 2014-11-29 13:25 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-11-29 13:22 - 2014-11-29 13:23 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-11-28 17:33 - 2014-12-02 21:37 - 00000000 ____D () C:\Users\Kytari\Downloads\legend_of_zelda,_the_-_the_wind_waker
2014-11-28 17:03 - 2014-11-29 13:30 - 00000000 ____D () C:\Users\Kytari\Documents\dolphin-3.5-win64
2014-11-28 17:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-11-28 17:00 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-11-28 17:00 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-11-28 17:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-11-28 17:00 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-11-28 17:00 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-28 17:00 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-11-28 17:00 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-28 17:00 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-28 17:00 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-28 17:00 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-28 17:00 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-28 17:00 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-11-26 18:41 - 2014-11-26 18:41 - 00000000 __SHD () C:\Users\Kytari\AppData\Local\EmieBrowserModeList
2014-11-26 13:37 - 2014-11-29 10:57 - 00000045 _____ () C:\Users\Kytari\jagex_cl_runescape_LIVE.dat
2014-11-26 13:36 - 2014-11-26 13:36 - 00002090 _____ () C:\Users\Kytari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2014-11-26 13:36 - 2014-11-26 13:36 - 00002060 _____ () C:\Users\Kytari\Desktop\RuneScape.lnk
2014-11-26 13:36 - 2014-11-26 13:36 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-11-21 16:35 - 2014-11-21 16:41 - 00000000 ____D () C:\Users\Kytari\AppData\Local\PAYDAY 2
2014-11-21 16:35 - 2014-11-21 16:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-21 16:35 - 2014-11-21 16:35 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-11-18 20:12 - 2014-11-11 05:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:12 - 2014-11-11 05:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:12 - 2014-11-11 04:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:12 - 2014-11-11 04:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 21:55 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-17 21:55 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-17 21:53 - 2014-08-16 04:58 - 01786120 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 21:53 - 2011-02-19 05:59 - 00482262 _____ () C:\Windows\system32\perfh00B.dat
2014-12-17 21:53 - 2011-02-19 05:59 - 00102064 _____ () C:\Windows\system32\perfc00B.dat
2014-12-17 21:53 - 2009-07-14 07:13 - 01356730 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 21:48 - 2014-08-15 19:33 - 00000000 ____D () C:\Users\Kytari\Documents\Bluetooth Folder
2014-12-17 21:48 - 2014-08-15 19:31 - 00000000 ___HD () C:\ASUS.DAT
2014-12-17 21:47 - 2014-08-15 19:30 - 00000380 _____ () C:\Users\Kytari\AppData\Roaming\sp_data.sys
2014-12-17 21:47 - 2012-02-23 08:07 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 21:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-17 21:45 - 2014-08-25 16:39 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\SoftGrid Client
2014-12-17 21:34 - 2012-02-23 08:07 - 00001008 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 21:01 - 2014-10-28 16:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-17 20:59 - 2014-11-16 20:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-17 18:34 - 2014-08-15 20:22 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\.minecraft
2014-12-16 17:49 - 2014-08-15 20:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-15 19:54 - 2014-08-16 13:51 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\TS3Client
2014-12-14 10:05 - 2014-08-19 21:36 - 00000000 ____D () C:\Users\Kytari\AppData\Local\CrashDumps
2014-12-13 22:28 - 2014-09-17 13:10 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\Audacity
2014-12-13 19:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 18:54 - 2014-09-16 15:38 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\Spotify
2014-12-13 11:31 - 2014-10-28 16:45 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-13 11:31 - 2014-10-28 16:45 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-12-13 11:31 - 2014-10-28 16:45 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-13 11:31 - 2014-10-28 16:45 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-13 11:31 - 2014-10-28 16:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-13 11:31 - 2014-10-28 16:45 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-12-13 11:31 - 2014-10-28 16:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-13 11:31 - 2014-10-28 16:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-13 11:31 - 2014-10-28 16:45 - 00001967 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-13 08:56 - 2014-08-16 05:12 - 00002558 _____ () C:\Windows\system32\AutoRunFilter.ini
2014-12-13 08:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-12-12 17:59 - 2014-08-15 21:42 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\OBS
2014-12-12 17:24 - 2014-09-16 15:44 - 00000000 ____D () C:\Users\Kytari\AppData\Local\Spotify
2014-12-12 14:34 - 2014-08-16 09:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 14:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 14:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 21:35 - 2014-08-16 10:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 21:30 - 2014-08-16 10:22 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 19:16 - 2014-10-28 17:59 - 00000000 ____D () C:\Users\Kytari\AppData\Local\DisplayFusion
2014-12-10 15:03 - 2014-08-24 10:14 - 00000000 ____D () C:\Users\Kytari\AppData\Local\Skyrim
2014-12-10 14:08 - 2014-09-20 19:22 - 00000000 ____D () C:\Users\Kytari\AppData\Local\gtk-2.0
2014-12-10 14:08 - 2014-09-20 19:20 - 00000000 ____D () C:\Users\Kytari\.gimp-2.8
2014-12-08 15:53 - 2009-07-14 06:45 - 00281704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-07 22:35 - 2014-11-02 21:46 - 00000000 ____D () C:\Users\Kytari\Documents\Asiakirjat
2014-12-07 20:33 - 2014-10-19 12:21 - 00297560 _____ () C:\Users\Kytari\Documents\cdsfsd.veg.bak
2014-12-07 19:16 - 2014-08-15 19:30 - 00062184 _____ () C:\Users\Kytari\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-03 20:44 - 2014-08-15 20:21 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-12-03 20:44 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-02 22:37 - 2014-08-24 10:54 - 00000000 ____D () C:\Users\Kytari\Documents\Nexus Mod Manager
2014-12-02 17:21 - 2014-08-24 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2014-12-02 17:21 - 2014-08-24 10:54 - 00000000 ____D () C:\Program Files\Nexus Mod Manager
2014-11-30 09:03 - 2014-08-16 05:12 - 00001774 _____ () C:\Windows\system32\ServiceFilter.ini
2014-11-29 19:54 - 2014-08-21 17:02 - 00000000 ____D () C:\Users\Kytari\AppData\Local\Razer
2014-11-29 19:54 - 2014-08-21 17:01 - 00000000 ____D () C:\ProgramData\Razer
2014-11-29 19:54 - 2014-08-21 17:01 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-29 19:53 - 2014-08-16 18:31 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-29 19:52 - 2014-08-15 20:09 - 00000000 ____D () C:\ProgramData\Origin
2014-11-29 18:37 - 2014-08-15 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-29 18:37 - 2014-08-15 20:09 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-29 13:28 - 2014-08-15 19:43 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\Adobe
2014-11-29 13:27 - 2012-02-23 08:07 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-29 13:25 - 2012-02-23 08:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-29 12:28 - 2014-10-30 16:02 - 00000024 _____ () C:\Users\Kytari\random.dat
2014-11-29 11:09 - 2014-10-30 16:17 - 00000023 _____ () C:\Users\Kytari\jagexappletviewer.preferences
2014-11-28 17:03 - 2014-08-15 19:30 - 00000000 ____D () C:\Users\Kytari
2014-11-27 21:33 - 2014-08-15 21:41 - 00000000 ____D () C:\Program Files\OBS
2014-11-26 18:39 - 2014-09-07 07:38 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-26 18:39 - 2014-08-15 20:11 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-26 14:19 - 2014-10-30 16:02 - 00000045 _____ () C:\Users\Kytari\jagex_cl_oldschool_LIVE.dat
2014-11-26 13:37 - 2014-10-30 16:00 - 00000000 ____D () C:\Users\Kytari\jagexcache
2014-11-24 14:04 - 2014-08-15 20:03 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 14:43 - 2014-08-15 19:33 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\Atheros
2014-11-17 15:00 - 2014-09-05 20:11 - 00000000 ____D () C:\Users\Kytari\AppData\Roaming\vlc
 
Files to move or delete:
====================
C:\Users\Kytari\jagex_cl_oldschool_LIVE.dat
C:\Users\Kytari\jagex_cl_runescape_LIVE.dat
C:\Users\Kytari\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Kytari\AppData\Local\Temp\ChangeIcon.exe
C:\Users\Kytari\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.3.exe
C:\Users\Kytari\AppData\Local\Temp\Quarantine.exe
C:\Users\Kytari\AppData\Local\Temp\sqlite3.dll
C:\Users\Kytari\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-16 18:12
 
==================== End Of Log ============================

 




#4 nasdaq


Posted 18 December 2014 - 08:39 AM



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (Google Wallet) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\Kytari\AppData\Local\Temp\ChangeIcon.exe
C:\Users\Kytari\AppData\Local\Temp\xmlUpdater.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#5 Kytari


Posted 18 December 2014 - 09:09 AM

Fixlog.txt


 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014

Ran by Kytari at 2014-12-18 15:54:08 Run:1
Running from C:\Users\Kytari\Desktop\FarBar
Loaded Profile: Kytari (Available profiles: Kytari)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Extension: (Google Wallet) - C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\Kytari\AppData\Local\Temp\ChangeIcon.exe
C:\Users\Kytari\AppData\Local\Temp\xmlUpdater.exe
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Users\Kytari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
VBoxNetFlt => Service deleted successfully.
C:\Users\Kytari\AppData\Local\Temp\ChangeIcon.exe => Moved successfully.
C:\Users\Kytari\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

checkup.txt


 

Results of screen317's Security Check version 0.99.93  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 10 Flash Player out of Date!
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 

The computer is running fine, but I haven't seen any change.

 

EDIT: I updated the Flash Player. I didn't know that it had any updates.


Edited by Kytari, 18 December 2014 - 09:18 AM.
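
One way to check a Fixlog.txt like the one posted above against its own fixlist, as an added example that is not part of the thread and is not FRST's code: it confirms that every file path in the fixlist has a result line and lists any result that does not end in "successfully.". The function names and the rule that a completed action ends in "successfully." are assumptions drawn only from this log.

```python
import re

# Excerpt of the Fixlog.txt posted above (some fixlist entries omitted for brevity).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014

Ran by Kytari at 2014-12-18 15:54:08 Run:1
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\Kytari\AppData\Local\Temp\ChangeIcon.exe
C:\Users\Kytari\AppData\Local\Temp\xmlUpdater.exe

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
VBoxNetFlt => Service deleted successfully.
C:\Users\Kytari\AppData\Local\Temp\ChangeIcon.exe => Moved successfully.
C:\Users\Kytari\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
"""

FENCE = re.compile(r"^\*{5,}$")          # asterisk lines around the echoed fixlist
FILE_PATH = re.compile(r"^[A-Za-z]:\\")  # fixlist entries that are bare file paths


def split_fixlog(text):
    """Return (fixlist_entries, result_lines) from a Fixlog laid out like the sample."""
    lines = [ln.strip() for ln in text.splitlines()]
    fences = [i for i, ln in enumerate(lines) if FENCE.match(ln)]
    if len(fences) < 2:
        raise ValueError("no fixlist block delimited by asterisk lines")
    first, second = fences[0], fences[1]
    # Everything between the fences is the fixlist; drop the start/End markers.
    entries = [ln for ln in lines[first + 1:second]
               if ln and ln.lower() not in ("start", "end")]
    results = []
    for ln in lines[second + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            results.append(ln)
    return entries, results


def audit_fixlog(text):
    """Cross-check the echoed fixlist against the result lines that follow it."""
    entries, results = split_fixlog(text)
    reboot = any("needed a reboot" in ln for ln in results)
    results = [ln for ln in results if "needed a reboot" not in ln]

    # Assumption: a completed action is reported by a line ending in "successfully."
    needs_review = [ln for ln in results if not ln.endswith("successfully.")]

    # Index results by their target (the text left of " => "), case-insensitively.
    targets = set()
    for ln in results:
        target, sep, _outcome = ln.partition(" => ")
        if sep:
            targets.add(target.strip('"').lower())

    # A file path listed in the fixlist should appear as the target of a result.
    paths_without_result = [e for e in entries
                            if FILE_PATH.match(e) and e.lower() not in targets]
    return {
        "fixlist_entries": len(entries),
        "result_lines": len(results),
        "needs_review": needs_review,
        "paths_without_result": paths_without_result,
        "reboot_reported": reboot,
    }


if __name__ == "__main__":
    for key, value in audit_fixlog(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```
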


#6 nasdaq


Posted 18 December 2014 - 09:19 AM

So are we good?

#7 Kytari


Posted 18 December 2014 - 02:23 PM

Actually, I think we are. Thank you for all your help  :)



#8 nasdaq


Posted 19 December 2014 - 08:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



