

Svchost.exe creates itself in C:/Windows/TEMP


  • This topic is locked
21 replies to this topic

#1 obliga11

obliga11

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 04 January 2015 - 06:11 AM

Hi!

 

As I wrote, Svchost.exe creates itself in C:/Windows/TEMP and starts up every time I start the computer, eating up all my CPU unless I terminate it. Malwarebytes tells me it's a trojan.

I have checked around the internet and tried a lot of things that have helped others, but it does not seem to help me. Hopefully you can.

 

Here are my DDS logs

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Emil at 12:47:34 on 2015-01-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.46.1053.18.8119.6402 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\System32\schtasks.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\temp\svchost.exe" -a cryptonight -o stratum+tcp://pool.cryptmonero.com:1001 -u 43s6t7KoCXtaBZ48bL5sPDhTEs6FG9FA8RCGkqC5xzkCATVAYzSmykD67mSXkejwnSQ552bjF5DsCCunopJPwAUZEkphFBZ -p x
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0BDEDB10-FB00-4346-B6E0-2D1BA432AA55} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C51C7213-7F1C-49BD-84F0-CB6C811233C9} : DHCPNameServer = 195.67.199.33 195.67.199.34
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Emil\AppData\Roaming\Mozilla\Firefox\Profiles\fgxkjajb.default-1414605244357\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Emil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Emil\AppData\Roaming\ACEStream\player\npace_plugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-21 55280]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-11-30 283064]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-12-29 410768]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-22 56344]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-22 321064]
R3 NisSrv;Microsoft Nätverkskontroll;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RTL8192cu;300Mbps Wireless USB Adapter;C:\Windows\System32\drivers\RTL8192cu.sys [2014-8-8 926824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2011-1-31 13352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 IntcDAud;Intel® Bildskärmsljud;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-22 233984]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-5-9 121416]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-12-29 38032]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-6 1255736]
S4 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
.
=============== Created Last 30 ================
.
2015-01-04 11:26:07    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43447923-7503-4661-BC4C-727449A64322}\mpengine.dll
2015-01-04 10:53:44    35064    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2015-01-04 10:53:43    --------    d-----w-    C:\ProgramData\RogueKiller
2015-01-04 10:37:23    --------    d-sh--w-    C:\$RECYCLE.BIN
2015-01-04 10:11:42    --------    d-----w-    C:\Windows\ERUNT
2015-01-04 10:00:29    --------    d-----w-    C:\AdwCleaner
2015-01-04 08:42:04    --------    d-sh--w-    C:\Users\Emil\AppData\Local\EmieBrowserModeList
2015-01-04 00:30:14    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-04 00:07:40    --------    d-----w-    C:\ProgramData\Malwarebytes
2015-01-03 23:42:49    98816    ----a-w-    C:\Windows\sed.exe
2015-01-03 23:42:49    256000    ----a-w-    C:\Windows\PEV.exe
2015-01-03 23:42:49    208896    ----a-w-    C:\Windows\MBR.exe
2014-12-31 20:06:41    --------    d-----w-    C:\Users\Emil\AppData\Local\Zylom Games
2014-12-30 16:18:49    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2014-12-29 21:34:53    620176    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2014-12-29 21:33:00    38032    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2014-12-29 21:33:00    35472    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2014-12-29 21:33:00    32400    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2014-12-29 21:02:44    --------    d-----w-    C:\Users\Emil\AppData\Local\ElevatedDiagnostics
2014-12-29 20:47:56    --------    d-----w-    C:\Users\Emil\AppData\Roaming\LavasoftStatistics
2014-12-19 14:39:11    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13C2238D-CF17-4DEA-BA6C-51020EBECC2E}\gapaengine.dll
2014-12-17 18:50:17    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-12-17 18:50:17    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-12-11 15:12:41    --------    d-----w-    C:\Windows\System32\appraiser
2014-12-10 20:22:56    55808    ----a-w-    C:\Windows\System32\rrinstaller.exe
2014-12-10 20:22:56    50176    ----a-w-    C:\Windows\SysWow64\rrinstaller.exe
2014-12-10 20:22:56    3209728    ----a-w-    C:\Windows\SysWow64\mf.dll
2014-12-10 20:22:56    24576    ----a-w-    C:\Windows\System32\mfpmp.exe
2014-12-10 20:22:56    23040    ----a-w-    C:\Windows\SysWow64\mfpmp.exe
2014-12-10 20:22:56    206848    ----a-w-    C:\Windows\System32\mfps.dll
2014-12-10 20:22:56    2048    ----a-w-    C:\Windows\SysWow64\mferror.dll
2014-12-10 20:22:56    2048    ----a-w-    C:\Windows\System32\mferror.dll
2014-12-10 20:22:56    103424    ----a-w-    C:\Windows\SysWow64\mfps.dll
2014-12-10 20:22:55    4121600    ----a-w-    C:\Windows\System32\mf.dll
2014-12-10 20:09:43    830976    ----a-w-    C:\Windows\System32\appraiser.dll
2014-12-10 20:09:43    1232040    ----a-w-    C:\Windows\System32\aitstatic.exe
2014-12-10 20:09:42    741376    ----a-w-    C:\Windows\System32\invagent.dll
2014-12-10 20:09:42    413184    ----a-w-    C:\Windows\System32\generaltel.dll
2014-12-10 20:09:42    396800    ----a-w-    C:\Windows\System32\devinv.dll
2014-12-10 20:09:42    192000    ----a-w-    C:\Windows\System32\aepic.dll
2014-12-10 20:09:42    1083392    ----a-w-    C:\Windows\System32\aeinv.dll
2014-12-10 20:09:41    227328    ----a-w-    C:\Windows\System32\aepdu.dll
2014-12-10 17:36:06    165888    ----a-w-    C:\Windows\System32\charmap.exe
2014-12-10 17:36:05    155136    ----a-w-    C:\Windows\SysWow64\charmap.exe
2014-12-10 17:23:07    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-12-10 17:23:07    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-12-10 17:07:16    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-12-10 17:07:16    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-12-10 17:07:14    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2014-12-10 17:00:41    346624    ----a-w-    C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-10 17:00:41    310272    ----a-w-    C:\Windows\System32\WsmWmiPl.dll
2014-12-10 17:00:41    266240    ----a-w-    C:\Windows\System32\WSManHTTPConfig.exe
2014-12-10 17:00:41    2020352    ----a-w-    C:\Windows\System32\WsmSvc.dll
2014-12-10 17:00:41    1177088    ----a-w-    C:\Windows\SysWow64\WsmSvc.dll
2014-12-10 17:00:40    248832    ----a-w-    C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-12-10 17:00:40    214016    ----a-w-    C:\Windows\SysWow64\WsmWmiPl.dll
2014-12-10 17:00:40    198656    ----a-w-    C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-12-10 17:00:40    181248    ----a-w-    C:\Windows\System32\WsmAuto.dll
2014-12-10 17:00:40    145920    ----a-w-    C:\Windows\SysWow64\WsmAuto.dll
2014-12-07 16:37:54    --------    d-----w-    C:\Users\Emil\AppData\Roaming\Roxio Log Files
.
==================== Find3M  ====================
.
2014-12-13 08:03:15    6859408    ----a-w-    C:\Windows\System32\nvcpl.dll
2014-12-13 08:03:15    3513488    ----a-w-    C:\Windows\System32\nvsvc64.dll
2014-12-13 08:03:13    935240    ----a-w-    C:\Windows\System32\nvvsvc.exe
2014-12-13 08:03:13    62608    ----a-w-    C:\Windows\System32\nvshext.dll
2014-12-13 08:03:13    386368    ----a-w-    C:\Windows\System32\nvmctray.dll
2014-12-13 08:03:13    2558608    ----a-w-    C:\Windows\System32\nvsvcr.dll
2014-12-12 23:11:01    4151176    ----a-w-    C:\Windows\System32\nvcoproc.bin
2014-12-10 15:55:40    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-10 15:55:40    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-02 14:51:22    59913    ----a-w-    C:\Windows\temp023423.vbe
2014-11-30 20:19:15    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2014-11-22 03:06:23    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07    6039552    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58    2125312    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26    4299264    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21    2358272    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-22 01:22:49    2052096    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20    1888256    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-10-30 11:25:26    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-29 17:51:01    98216    ------w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-18 02:05:23    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-09 17:02:44    30536    ----a-w-    C:\Windows\System32\nvhdap64.dll
2014-10-09 17:02:39    195728    ----a-w-    C:\Windows\System32\drivers\nvhda64v.sys
2014-10-09 07:17:52    1540240    ----a-w-    C:\Windows\System32\nvhdagenco64.dll
.
============= FINISH: 12:51:32,46 ===============


 



Edited by obliga11, 04 January 2015 - 06:57 AM.



#2 obliga11

obliga11
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 04 January 2015 - 06:13 AM

Nevermind this post. I edited the first post instead.


Edited by obliga11, 04 January 2015 - 01:49 PM.


#3 obliga11

obliga11
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 05 January 2015 - 09:05 AM

"C:\Windows\temp\svchost.exe" -a cryptonight -o stratum+tcp://pool.cryptmonero.com:1001 -u 43s6t7KoCXtaBZ48bL5sPDhTEs6FG9FA8RCGkqC5xzkCATVAYzSmykD67mSXkejwnSQ552bjF5DsCCunopJPwAUZEkphFBZ -p x

 

Judging by that line it's some sort of mining thing.
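The pattern spotted above, a binary carrying a Windows system name (svchost.exe) but launched from C:\Windows\temp with stratum-mining arguments, is exactly the kind of thing a log triage script can flag before a human reads the whole report. The following Python is an added example written for this thread; it is not part of DDS, FRST or anything posted here. It parses process lines in the two formats seen in this thread (DDS "Running Processes" lines, and FRST "Processes" lines with the publisher in parentheses) and applies three defender checks: a system-only binary name running outside System32/SysWOW64, svchost.exe started without the `-k <group>` argument the Service Control Manager always supplies, and stratum-mining indicators on the command line. The sample listing, the pool host `pool.example.invalid` and the value `WALLET_PLACEHOLDER` are constructed for the example and stand in for the real values in the log.

```python
import re
from pathlib import PureWindowsPath

# Windows binaries that are only legitimately launched from the system directories.
SYSTEM_ONLY_NAMES = {"svchost.exe", "lsm.exe", "lsass.exe", "services.exe",
                     "csrss.exe", "winlogon.exe", "wininit.exe"}
# Directories those binaries may run from (compared case-insensitively).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Command-line fragments typical of stratum mining clients.
MINER_INDICATORS = ("stratum+tcp://", "stratum+ssl://", "cryptonight")

# FRST prefixes each process with its publisher in parentheses; "()" means FRST
# found no publisher information for the file.
FRST_PREFIX_RE = re.compile(r"^\((?P<publisher>[^)]*)\)\s+(?P<rest>.*)$")
# DDS prints the image path (quoted if it was launched quoted) followed by arguments.
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.exe)"?(?:\s+(?P<args>.*))?$', re.IGNORECASE)


def parse_process_line(line):
    """Return (image_path, argument_string, publisher) for one DDS or FRST
    process line, or None for separators, headers and blank lines.
    publisher is None for DDS lines, which carry no publisher column."""
    line = line.strip()
    publisher = None
    frst = FRST_PREFIX_RE.match(line)
    if frst:
        publisher = frst.group("publisher").strip()
        line = frst.group("rest")
    image = IMAGE_RE.match(line)
    if not image:
        return None
    return image.group("path"), image.group("args") or "", publisher


def assess_process(path, args, publisher=None):
    """Apply the masquerade, launch-shape and miner checks to one process."""
    findings = []
    image = PureWindowsPath(path)
    name = image.name.lower()
    parent = str(image.parent).lower()
    if name in SYSTEM_ONLY_NAMES:
        if parent not in SYSTEM_DIRS:
            findings.append(f"{name} running outside the system directories: {path}")
        if publisher == "":
            findings.append(f"{name} has no publisher information (FRST shows '()')")
    # The Service Control Manager always starts svchost.exe with '-k <group>'.
    if name == "svchost.exe" and not re.search(r"(?:^|\s)-k\s+\S+", args, re.IGNORECASE):
        findings.append("svchost.exe started without a '-k <service group>' argument")
    hits = [ind for ind in MINER_INDICATORS if ind in args.lower()]
    if hits:
        findings.append(f"mining client indicators on the command line: {', '.join(hits)}")
    return findings


def scan_process_list(text):
    """Run the checks over every line of a process listing and return
    {image_path: [findings]} for the processes with at least one finding.
    The same image seen in both a DDS and an FRST block is merged under one key."""
    report = {}
    for line in text.splitlines():
        parsed = parse_process_line(line)
        if parsed is None:
            continue
        path, args, publisher = parsed
        bucket = report.setdefault(path, [])
        for finding in assess_process(path, args, publisher):
            if finding not in bucket:
                bucket.append(finding)
    return {path: findings for path, findings in report.items() if findings}


# Constructed sample: a DDS block followed by an FRST block, modelled on the
# thread's logs but with placeholder pool host and wallet value.
SAMPLE_PROCESS_LIST = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Windows\temp\svchost.exe" -a cryptonight -o stratum+tcp://pool.example.invalid:1001 -u WALLET_PLACEHOLDER -p x
C:\Windows\System32\cscript.exe
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
() C:\Windows\temp\svchost.exe
"""

if __name__ == "__main__":
    for path, findings in scan_process_list(SAMPLE_PROCESS_LIST).items():
        print(path)
        for finding in findings:
            print("  -", finding)
```

On the sample above only the temp-directory svchost.exe is reported, with four distinct findings (wrong directory, missing `-k`, miner indicators, and no publisher from the FRST line), while the real svchost.exe instances, which carry a `-k` group and live under System32, produce nothing. The directory check is a string comparison against C:\Windows; on a host with a different system drive or SystemRoot the SYSTEM_DIRS set needs adjusting.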



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:26 AM

Posted 05 January 2015 - 10:44 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me review your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 obliga11

obliga11
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 05 January 2015 - 11:54 AM

Hi! Thanks for helping.

Here goes.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Emil (administrator) on EMIL-DATOR on 05-01-2015 17:24:10
Running from C:\Users\Emil\Downloads
Loaded Profile: Emil (Available profiles: Emil & Mcx1-EMIL-DATOR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Windows\temp\svchost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2515754121-790960676-2067547957-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2515754121-790960676-2067547957-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2515754121-790960676-2067547957-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2515754121-790960676-2067547957-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2515754121-790960676-2067547957-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {64454068-432F-4309-9A9F-44ED54A888FF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {CD234296-3893-4D9E-B881-ED91B6244B1B} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-2515754121-790960676-2067547957-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Emil\AppData\Roaming\Mozilla\Firefox\Profiles\fgxkjajb.default-1414605244357
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2515754121-790960676-2067547957-1001: @acestream.net/acestreamplugin,version=2.2.1.1-next -> C:\Users\Emil\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2515754121-790960676-2067547957-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Emil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2515754121-790960676-2067547957-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml
FF Extension: Adblock Plus - C:\Users\Emil\AppData\Roaming\Mozilla\Firefox\Profiles\fgxkjajb.default-1414605244357\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-09]

Chrome: 
=======
CHR Profile: C:\Users\Emil\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-25] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-30] (Disc Soft Ltd)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7749408 2009-10-08] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [233984 2009-09-26] (Intel(R) Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2013-05-09] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                           )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-21] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-04] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 17:30 - 2015-01-05 17:30 - 04166770 _____ () C:\Users\Emil\Downloads\tdsskiller.zip
2015-01-05 17:30 - 2015-01-05 17:30 - 00380416 _____ () C:\Users\Emil\Downloads\5gchqz2k.exe
2015-01-05 17:24 - 2015-01-05 17:26 - 00012229 _____ () C:\Users\Emil\Downloads\FRST.txt
2015-01-05 17:23 - 2015-01-05 17:24 - 00000000 ____D () C:\FRST
2015-01-05 17:23 - 2015-01-05 17:23 - 02123776 _____ (Farbar) C:\Users\Emil\Downloads\FRST64.exe
2015-01-05 17:14 - 2015-01-05 17:21 - 00000168 _____ () C:\Windows\setupact.log
2015-01-05 17:14 - 2015-01-05 17:18 - 00000912 _____ () C:\Windows\PFRO.log
2015-01-05 17:14 - 2015-01-05 17:14 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 15:40 - 2015-01-05 17:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 15:39 - 2015-01-05 15:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Emil\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-05 15:39 - 2015-01-05 15:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 15:39 - 2015-01-05 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 15:39 - 2015-01-05 15:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 15:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 15:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 15:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-05 15:29 - 2015-01-05 15:29 - 00000000 ____D () C:\Users\Emil\Downloads\x64
2015-01-05 15:29 - 2015-01-05 15:29 - 00000000 ____D () C:\Users\Emil\Downloads\settings
2015-01-05 15:29 - 2014-12-31 01:46 - 01783808 _____ () C:\Users\Emil\Downloads\Display Driver Uninstaller.exe
2015-01-05 15:29 - 2014-12-31 01:46 - 00194048 _____ () C:\Users\Emil\Downloads\Display Driver Uninstaller.pdb
2015-01-05 15:28 - 2015-01-05 15:28 - 01165474 _____ (Igor Pavlov) C:\Users\Emil\Downloads\DDU v13.5.5.0.exe
2015-01-04 21:52 - 2015-01-05 15:36 - 00000000 ____D () C:\Users\Emil\AppData\Local\CrashDumps
2015-01-04 12:51 - 2015-01-04 12:51 - 00016254 _____ () C:\Users\Public\Documents\dds.txt
2015-01-04 12:51 - 2015-01-04 12:51 - 00006007 _____ () C:\Users\Public\Documents\attach.txt
2015-01-04 11:53 - 2015-01-04 11:56 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-04 11:53 - 2015-01-04 11:53 - 15298136 _____ () C:\Users\Emil\Downloads\RogueKiller.exe
2015-01-04 11:53 - 2015-01-04 11:53 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-04 11:46 - 2015-01-04 11:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\Emil\Downloads\HijackThis.exe
2015-01-04 11:46 - 2015-01-04 11:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-04 11:37 - 2015-01-04 11:37 - 00029443 _____ () C:\ComboFix.txt
2015-01-04 11:11 - 2015-01-04 11:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-04 11:04 - 2015-01-04 11:04 - 05609858 ____R (Swearware) C:\Users\Emil\Downloads\ComboFix.exe
2015-01-04 11:00 - 2015-01-04 11:10 - 00000000 ____D () C:\AdwCleaner
2015-01-04 11:00 - 2015-01-04 11:00 - 02173952 _____ () C:\Users\Emil\Downloads\AdwCleaner.exe
2015-01-04 11:00 - 2015-01-04 11:00 - 01707939 _____ (Thisisu) C:\Users\Emil\Downloads\JRT.exe
2015-01-04 10:59 - 2015-01-04 10:59 - 00688992 ____R (Swearware) C:\Users\Emil\Downloads\dds.scr
2015-01-04 09:42 - 2015-01-04 09:42 - 00000000 __SHD () C:\Users\Emil\AppData\Local\EmieBrowserModeList
2015-01-04 02:19 - 2015-01-04 02:19 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-01-04 02:19 - 2015-01-04 02:19 - 00001908 _____ () C:\Windows\diagerr.xml
2015-01-04 01:07 - 2015-01-04 01:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 00:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-04 00:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-04 00:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-04 00:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-04 00:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-04 00:42 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-04 00:42 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-04 00:42 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-04 00:35 - 2015-01-04 11:37 - 00000000 ____D () C:\Qoobox
2015-01-04 00:35 - 2015-01-04 00:49 - 00000000 ____D () C:\Windows\erdnt
2015-01-03 12:49 - 2015-01-03 12:49 - 00000000 ____H () C:\Users\Emil\Documents\Default.rdp
2015-01-03 10:48 - 2015-01-03 10:48 - 00000067 _____ () C:\Users\Emil\Desktop\trades.txt
2015-01-01 18:25 - 2015-01-01 18:26 - 00000000 ____D () C:\Users\Emil\Downloads\Washington.Capitals-Chicago.Blackhawks.Road.to.the.NHL.Winter.Classic.Part3.HDTV.x264-KILLERS[ettv]
2015-01-01 18:24 - 2015-01-03 20:02 - 00000000 ____D () C:\Users\Emil\Downloads\Washington.Capitals-Chicago.Blackhawks.Road.to.the.NHL.Winter.Classic.Part1.HDTV.x264-KILLERS[ettv]
2015-01-01 18:24 - 2015-01-01 18:27 - 00000000 ____D () C:\Users\Emil\Downloads\Washington.Capitals-Chicago.Blackhawks.Road.to.the.NHL.Winter.Classic.Part2.HDTV.x264-KILLERS[ettv]
2015-01-01 15:36 - 2015-01-05 17:24 - 00305410 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 21:09 - 2014-12-31 21:09 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-31 21:07 - 2014-12-31 21:07 - 00003240 _____ () C:\Windows\System32\Tasks\{1271D1E9-DD48-4FCD-B1E5-5E7E11C7F2EF}
2014-12-31 21:06 - 2014-12-31 21:06 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zylom Games
2014-12-31 21:06 - 2014-12-31 21:06 - 00000000 ____D () C:\Users\Emil\AppData\Local\Zylom Games
2014-12-29 22:35 - 2014-12-30 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-29 22:34 - 2014-12-13 01:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-29 22:33 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-29 22:33 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-12-29 22:33 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-29 22:32 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-29 22:32 - 2014-10-09 18:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-29 22:32 - 2014-10-09 18:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-29 22:32 - 2014-10-09 08:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-29 21:47 - 2014-12-29 21:47 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\LavasoftStatistics
2014-12-17 19:50 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 19:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 16:12 - 2014-12-11 16:12 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 21:22 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 21:22 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 21:22 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 21:22 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 21:22 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 21:22 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 21:22 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 21:22 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 21:22 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 21:22 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 21:10 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 21:10 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 21:10 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 21:10 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 21:10 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 21:10 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 21:10 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 21:10 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 21:10 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 21:10 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 21:10 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 21:10 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 21:10 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 21:10 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 21:10 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 21:10 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 21:10 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 21:10 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 21:10 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 21:10 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 21:10 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 21:10 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 21:10 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 21:10 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 21:10 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 21:10 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 21:10 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 21:10 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 21:10 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 21:10 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 21:10 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 21:10 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 21:10 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 21:10 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 21:10 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 21:10 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 21:10 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 21:10 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 21:10 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 21:10 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 21:10 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 21:10 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 21:10 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 21:10 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 21:10 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 21:10 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 21:10 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 21:10 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 21:10 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 21:10 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 21:10 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 21:10 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 21:10 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 21:10 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 21:09 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 21:09 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 18:36 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 18:36 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 18:23 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 18:23 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 18:07 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 18:07 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 18:07 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 18:00 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 18:00 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 18:00 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 18:00 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 18:00 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 18:00 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 18:00 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 18:00 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 18:00 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 18:00 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 16:42 - 2014-12-09 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 17:40 - 2014-12-07 17:40 - 00003232 _____ () C:\Windows\System32\Tasks\{8F3810A8-8539-4D2D-9CC1-243F514CA450}
2014-12-07 17:37 - 2014-12-07 17:37 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\Roxio Log Files

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 17:23 - 2010-11-05 18:55 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\Skype
2015-01-05 17:21 - 2012-06-04 18:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-05 17:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 17:20 - 2009-07-14 05:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 17:20 - 2009-07-14 05:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 16:55 - 2013-03-13 15:17 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-05 15:38 - 2014-05-10 10:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-05 15:34 - 2010-11-05 23:43 - 00007603 _____ () C:\Users\Emil\AppData\Local\resmon.resmoncfg
2015-01-04 11:47 - 2014-08-21 15:48 - 00000000 ____D () C:\Users\Emil\AppData\Local\Adobe
2015-01-04 11:46 - 2011-06-17 13:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-04 11:46 - 2011-03-16 17:12 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-04 11:35 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-04 10:43 - 2010-11-05 22:44 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\uTorrent
2015-01-04 09:46 - 2010-11-05 16:44 - 00000000 ____D () C:\Users\Emil
2015-01-04 02:12 - 2009-08-04 02:14 - 00672244 _____ () C:\Windows\system32\perfh01D.dat
2015-01-04 02:12 - 2009-08-04 02:14 - 00147142 _____ () C:\Windows\system32\perfc01D.dat
2015-01-04 02:12 - 2009-07-14 06:13 - 01607144 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 01:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2014-12-30 17:37 - 2010-06-21 14:38 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-12-30 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-30 17:18 - 2012-06-04 19:02 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-30 17:18 - 2012-06-04 19:02 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-30 17:18 - 2012-06-04 19:01 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-29 21:38 - 2010-06-21 23:26 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-12-24 12:00 - 2014-04-18 13:46 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\Spotify
2014-12-20 18:29 - 2014-04-18 13:46 - 00000000 ____D () C:\Users\Emil\AppData\Local\Spotify
2014-12-19 15:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-19 15:28 - 2014-09-18 20:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-19 15:28 - 2010-06-21 14:41 - 00000000 ____D () C:\ProgramData\Skype
2014-12-13 11:08 - 2013-02-25 23:32 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-13 11:08 - 2013-02-25 23:32 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-13 11:08 - 2012-06-04 19:01 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-13 09:03 - 2012-06-04 19:02 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 09:03 - 2012-06-04 19:02 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 09:03 - 2012-06-04 19:02 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 09:03 - 2012-06-04 19:02 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 09:03 - 2012-06-04 19:02 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 09:03 - 2012-06-04 19:02 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-13 00:11 - 2012-06-04 19:02 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-11 16:12 - 2014-05-06 19:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 16:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 16:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 21:25 - 2013-08-14 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 21:23 - 2010-11-06 13:41 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 16:55 - 2013-03-13 15:17 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 16:55 - 2012-03-30 12:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 16:55 - 2011-05-17 13:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 15:53 - 2012-05-03 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 17:35 - 2012-04-22 19:34 - 00812544 ___SH () C:\Users\Emil\Downloads\Thumbs.db
2014-12-08 20:05 - 2010-11-05 16:45 - 00077488 _____ () C:\Users\Emil\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-08 20:04 - 2009-07-14 05:45 - 04942400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-07 17:27 - 2014-05-10 10:32 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-12-07 17:27 - 2014-05-10 10:32 - 00000000 ____D () C:\Users\Emil\Documents\Sports Interactive
2014-12-07 17:23 - 2010-11-05 18:50 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\DAEMON Tools Lite

Files to move or delete:
====================
C:\Users\Emil\AppData\Roaming\Origin\update.vbe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 16:05

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Emil at 2015-01-05 17:32:36
Running from C:\Users\Emil\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI - Svenska (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programstöd (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2009.1211.1547.28237 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
Free M4a to MP3 Converter 7.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Excel 2003 (HKLM-x32\...\{9016041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{9017041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word 2003 (HKLM-x32\...\{901B041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 sv-SE)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
NVIDIA 3D Vision drivrutin 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision drivrutin för styrenhet 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Grafikdrivrutin 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD audiodrivrutin 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvara 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2515754121-790960676-2067547957-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TP-LINK 300Mbps Wireless USB Adapter Drivrutin (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK trådlösa konfigurationsverktyg (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-2515754121-790960676-2067547957-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-12-2014 21:24:53 Windows Update
29-12-2014 21:45:50 AA11
29-12-2014 22:00:56 Removed THX TruStudio PC
30-12-2014 17:30:44 AA11
30-12-2014 17:36:47 Removed Windows Live ID Sign-in Assistant
30-12-2014 17:37:09 Removed Windows Live Sync
30-12-2014 17:37:26 Removed Windows Live Upload Tool
30-12-2014 17:39:04 AA11
30-12-2014 17:48:12 AA11
04-01-2015 00:07:10 Registry First Aid backup
04-01-2015 01:29:31 Removed MSXML 4.0 SP2 (KB973688)
04-01-2015 02:15:34 Windows Update
04-01-2015 11:44:55 Removed Adobe Reader XI (11.0.10) - Svenska.
04-01-2015 14:30:34 DirectX har installerats

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-04 00:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3547A2E5-5D41-4C7B-AE62-829C3BD9EAB6} - System32\Tasks\{1271D1E9-DD48-4FCD-B1E5-5E7E11C7F2EF} => pcalua.exe -a "C:\Users\Emil\AppData\Local\Zylom Games\Trivial Pursuit Genus Edition Deluxe\GameInstlr.exe" -c --uninstall UnInstall.log
Task: {4EC724AE-C704-4809-8C8B-D41314D2F659} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7A8B052B-A008-4A4B-B2AF-8C86C2E53685} - System32\Tasks\{8F3810A8-8539-4D2D-9CC1-243F514CA450} => pcalua.exe -a C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe -c /x {537BF16E-7412-448C-95D8-846E85A1D817}
Task: {831296A4-2393-4A87-93BD-EAAF624CBC1A} - System32\Tasks\Origin => C:\Users\Emil\AppData\Roaming\Origin\update.vbe [2014-11-30] () <==== ATTENTION
Task: {ACFD230F-7855-40FB-B0AA-FFCDAAAA52E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {CC4F2EFB-B9A1-464E-A618-1D2C652B3AA8} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-EMIL-DATOR => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {E0307EE1-A685-4497-866D-316384422510} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {F4CC414E-E3D2-42ED-A23B-F7BB164E8AED} - System32\Tasks\{2949D93F-0AD1-4C9B-AF0B-7EB55A0CE734} => Firefox.exe http://ui.skype.com/ui/0/6.18.0.106/sv/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-06-04 19:02 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1053.dll
2015-01-05 17:21 - 2015-01-05 17:21 - 01605120 _____ () C:\Windows\temp\svchost.exe
2014-12-09 16:42 - 2014-12-09 16:43 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\S-1-5-21-2515754121-790960676-2067547957-1001\Software\Classes\exefile:  <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

========================= Accounts: ==========================

Administratör (S-1-5-21-2515754121-790960676-2067547957-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2515754121-790960676-2067547957-1006 - Limited - Enabled)
Emil (S-1-5-21-2515754121-790960676-2067547957-1001 - Administrator - Enabled) => C:\Users\Emil
Gäst (S-1-5-21-2515754121-790960676-2067547957-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2515754121-790960676-2067547957-1004 - Limited - Enabled)
Mcx1-EMIL-DATOR (S-1-5-21-2515754121-790960676-2067547957-1007 - Limited - Enabled) => C:\Users\Mcx1-EMIL-DATOR

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 571042

Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 571042

Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2015 04:06:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1. Det finns ett fel i manifest- eller principfilen WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 på rad WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition är WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Använd sxstrace.exe om du vill diagnostisera ytterligare.

Error: (01/05/2015 10:21:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10031

Error: (01/05/2015 10:21:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10031

Error: (01/05/2015 10:21:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/05/2015 05:21:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126

Error: (01/05/2015 05:21:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten sbapifs kunde inte startas på grund av följande fel: 
%%2

Error: (01/05/2015 05:18:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126

Error: (01/05/2015 05:18:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten sbapifs kunde inte startas på grund av följande fel: 
%%2

Error: (01/05/2015 05:14:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126

Error: (01/05/2015 05:14:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten sbapifs kunde inte startas på grund av följande fel: 
%%2

Error: (01/05/2015 05:12:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/05/2015 05:12:45 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126

Error: (01/05/2015 03:42:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126

Error: (01/05/2015 03:33:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126


Microsoft Office Sessions:
=========================
Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 571042

Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 571042

Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2015 04:06:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8

Error: (01/05/2015 10:21:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10031

Error: (01/05/2015 10:21:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10031

Error: (01/05/2015 10:21:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2015-01-04 00:48:36.067
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-04 00:48:35.849
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-06 15:49:34.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-30 13:22:40.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 23:24:47.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 23:24:47.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 23:16:48.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 23:16:47.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-06 20:39:02.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-06 20:39:02.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 24%
Total physical RAM: 8119.08 MB
Available physical RAM: 6147.86 MB
Total Pagefile: 16236.34 MB
Available Pagefile: 14100.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:688.62 GB) (Free:535.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-01-05 17:48:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST375052 rev.CC45 698,64GB
Running: 5gchqz2k.exe; Driver: C:\Users\Emil\AppData\Local\Temp\pwloquod.sys


---- Devices - GMER 2.1 ----

Device  \FileSystem\Ntfs \Ntfs                                                                                              fffffa80076452c0
Device  \FileSystem\fastfat \Fat                                                                                            fffffa800e1e32c0
Device  \Driver\USBSTOR \Device\00000088                                                                                    fffffa800a7082c0
Device  \Driver\usbehci \Device\USBPDO-1                                                                                    fffffa800a68f2c0
Device  \Driver\USBSTOR \Device\00000084                                                                                    fffffa800a7082c0
Device  \Driver\cdrom \Device\CdRom0                                                                                        fffffa800a35b2c0
Device  \Driver\cdrom \Device\CdRom1                                                                                        fffffa800a35b2c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{C51C7213-7F1C-49BD-84F0-CB6C811233C9}                                            fffffa8007e002c0
Device  \Driver\NetBT \Device\NetBT_Tcpip_{0BDEDB10-FB00-4346-B6E0-2D1BA432AA55}                                            fffffa8007e002c0
Device  \Driver\usbehci \Device\USBFDO-0                                                                                    fffffa800a68f2c0
Device  \Driver\USBSTOR \Device\00000085                                                                                    fffffa800a7082c0
Device  \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                            fffffa800a2952c0
Device  \Driver\dtsoftbus01 \Device\00000062                                                                                fffffa800a2952c0
Device  \Driver\usbehci \Device\USBFDO-1                                                                                    fffffa800a68f2c0
Device  \Driver\USBSTOR \Device\00000086                                                                                    fffffa800a7082c0
Device  \Driver\NetBT \Device\NetBt_Wins_Export                                                                             fffffa8007e002c0
Device  \Driver\USBSTOR \Device\00000087                                                                                    fffffa800a7082c0
Device  \Driver\usbehci \Device\USBPDO-0                                                                                    fffffa800a68f2c0

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3436:2796]                                                      000007fefbcd2bf8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3436:3712]                                                      000007feeee74830
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3436:4500]                                                      000007fef7345124

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x40 0x5B 0xF0 0xD9 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xC6 0xC5 0x95 0xEE ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xC2 0x0F 0xF0 0xBD ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x40 0x5B 0xF0 0xD9 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xC6 0xC5 0x95 0xEE ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xC2 0x0F 0xF0 0xBD ...

---- EOF - GMER 2.1 ----


#6 obliga11

obliga11
  • Topic Starter

  • Members
  • 12 posts

Posted 05 January 2015 - 11:58 AM

I found this in the C:/Windows/TEMP folder as well when I was searching around.

A file called "1420475075_log" with the text below. It seems to create one of those as well every time the computer starts.

17:24:35:994	9f4	
17:24:36:003	9f4	╔════════════════════════════════════════════════════════════════╗
17:24:36:007	9f4	║            Claymore CryptoNote CPU Miner  v3.4 Beta            ║
17:24:36:017	9f4	╚════════════════════════════════════════════════════════════════╝
17:24:36:225	9f4	64-bit version
17:24:36:237	9f4	CPU does not support AES-NI - slower mining!
17:24:36:249	9f4	Logical CPU cores: 4
17:24:36:260	9f4	Number of threads: Autoselection...
17:24:36:265	9f4	Using 4 threads
17:24:36:274	9f4	scfg: 1
17:24:36:277	9f4	1 pool specified.
17:24:36:280	9f4	Press "m" key for tune mode.
17:24:36:289	804	Stratum - connecting to 'pool.cryptmonero.com' <46.165.232.77> port 1001
17:24:36:311	1274	Stratum - Connected
17:24:36:317	804	Stratum - Connected
17:24:36:337	1274	got 303 bytes
17:24:36:339	804	got 303 bytes
17:24:36:341	804	buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"865460375277325","job":{"blob":"0100d9f4aaa5053763afd9eb4dc37d9104a4279b8ce52865c0ecd290ae931c44299db6cf7d1d420000000094958e7a6ca123265d0fd17d49e8564f876b7f3f8bb21acbdb985056fe0abfef02","job_id":"509197454014793","target":"cfb02b00"},"status":"OK"}}

17:24:36:344	804	parse packet: 303
17:24:36:346	804	new buf size: 0
17:24:36:349	804	Pool Diff 1500
17:24:36:352	804	df has same pool, skip
17:24:36:349	1274	buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"732727708877064","job":{"blob":"0100d9f4aaa5053763afd9eb4dc37d9104a4279b8ce52865c0ecd290ae931c44299db6cf7d1d42000000007d223e1689f09c1b74e3d83e281f0c8a7b2c354fb62369c6f4761b0a23e7960c02","job_id":"962864600983448","target":"cfb02b00"},"status":"OK"}}

17:24:36:357	1274	parse packet: 303
17:24:36:360	1274	new buf size: 0
17:24:36:364	1274	DevFee: Pool Diff 1500
17:24:37:474	804	01/05/15-17:24:37 - SHARE FOUND (target 1500) - (THR 3 of 4)
17:24:37:473	e88	round found 1 shares
17:24:39:909	804	got 63 bytes
17:24:39:912	804	buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"status":"OK"}}

17:24:39:914	804	parse packet: 63
17:24:39:942	804	Share accepted
17:24:42:294	804	new buf size: 0
17:24:42:329	804	got 253 bytes
17:24:42:332	804	buf: {"jsonrpc":"2.0","method":"job","params":{"blob":"0100d9f4aaa5053763afd9eb4dc37d9104a4279b8ce52865c0ecd290ae931c44299db6cf7d1d420000000038e8e9e05e991ede94308cf81541a161689e5892b6ba56fd327fab642dd7552902","job_id":"213820802909322","target":"67d81500"}}

17:24:42:334	804	parse packet: 253
17:24:42:337	804	new buf size: 0
17:24:42:340	804	df has same pool, skip
17:24:42:842	804	01/05/15-17:24:42 - New job received from pool.cryptmonero.com:1001
17:24:48:700	804	Speed: 30 h/s, TotalHashes: 0K, DevHashes: 0K Mining time:
17:24:48:703	804	00:00
17:25:06:285	9f4	watchdog - thread 0, hb time 312
17:25:06:288	9f4	watchdog - thread 1, hb time 577
17:25:06:291	9f4	watchdog - thread 2, hb time 874
17:25:06:294	9f4	watchdog - thread 3, hb time 1654
17:25:19:859	804	got 253 bytes
17:26:10:993	804	buf: {"jsonrpc":"2.0","method":"job","params":{"blob":"0100f0f5aaa50577514e08ed05c49126273a6a14ba0fc062344c754a4b030f44607d8370653f2b0000000069ddd2638c32098a2647fd95daf89deee762c58d3cbb3a3c4e22682deebe29d002","job_id":"512621715432032","target":"67d81500"}}

17:26:12:980	804	parse packet: 253
17:26:12:984	804	new buf size: 0
17:26:12:987	804	df has same pool, skip
17:26:12:990	804	01/05/15-17:26:12 - New job received from pool.cryptmonero.com:1001
17:26:12:993	804	Speed: 31 h/s, TotalHashes: 2K, DevHashes: 0K Mining time:
17:26:12:996	804	00:01
17:26:12:999	804	got 759 bytes
17:26:13:002	804	buf: {"jsonrpc":"2.0","method":"job","params":{"blob":"01008bf6aaa5057c7b25d643cfd344822d6347e26054c8afbb2f71f7029a9b32399de51ccc4d1d0000000000d6c1e9f3efe7f75ad17b9b2369cf92aac64c9670f5f51c454957658eebe3d901","job_id":"848779577855020","target":"67d81500"}}
{"jsonrpc":"2.0","method":"job","params":{"blob":"01009bf6aaa50547ffe9453750a8878940f63fb2699956811fc326c04bd2afa1b457fad5b8507a00000000f105156a277bbc69be86967cb55b498f42046eb2f03d368f5cb1b0c0ae66216a01","job_id":"869307536608539","target":"67d81500"}}
{"jsonrpc":"2.0","method":"job","params":{"blob":"0100a1f6aaa505917e83e106ef7c64e1cee4cda13cdcd91a29b4d3607e061616510508a094b950000000000667d214a0bb0a06b717f32952a4024c424f63ec11fc0c7ad40d031c9b88cf2f01","job_id":"416880122572183","target":"67d81500"}}

17:26:13:005	804	parse packet: 253
17:26:13:008	804	remove first packet 506
17:26:13:011	804	new buf size: 506
17:26:13:014	804	parse packet: 253
17:26:13:017	804	remove first packet 253
17:26:13:020	804	new buf size: 253
17:26:13:023	804	parse packet: 253
17:26:13:026	804	new buf size: 0
17:26:13:029	804	df has same pool, skip
17:26:13:033	804	01/05/15-17:26:13 - New job received from pool.cryptmonero.com:1001
17:26:13:036	804	Speed: 31 h/s, TotalHashes: 2K, DevHashes: 0K Mining time:
17:26:13:039	804	00:01
17:26:23:549	1284	round found 1 shares
17:26:36:323	9f4	watchdog - thread 0, hb time 5647
17:26:36:328	9f4	watchdog - thread 1, hb time 2340
17:26:36:332	9f4	watchdog - thread 2, hb time 1310
17:26:36:336	9f4	watchdog - thread 3, hb time 3323
17:26:59:348	814	round found 1 shares
17:26:59:365	804	01/05/15-17:26:59 - SHARE FOUND (target 3000) - (THR 2 of 4)
17:26:59:556	804	got 63 bytes
17:27:00:455	804	buf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"status":"OK"}}

17:27:00:522	804	parse packet: 63
17:27:00:585	804	Share accepted
17:27:00:588	804	new buf size: 0
17:27:06:342	9f4	watchdog - thread 0, hb time 421
17:27:06:345	9f4	watchdog - thread 1, hb time 2433
17:27:06:348	9f4	watchdog - thread 2, hb time 2277
17:27:06:352	9f4	watchdog - thread 3, hb time 312
17:27:11:863	804	got 253 bytes
17:27:12:945	804	buf: {"jsonrpc":"2.0","method":"job","params":{"blob":"0100a1f6aaa505917e83e106ef7c64e1cee4cda13cdcd91a29b4d3607e061616510508a094b95000000000646609c00d76ff11334784fa0fe400a101040443155f2e56e4526883ae45e1d101","job_id":"383484864328056","target":"502e0f00"}}

17:27:12:949	804	parse packet: 253
17:27:12:953	804	new buf size: 0
17:27:12:956	804	df has same pool, skip
17:27:12:967	804	01/05/15-17:27:12 - New job received from pool.cryptmonero.com:1001
17:27:12:971	804	Speed: 29 h/s, TotalHashes: 4K, DevHashes: 0K Mining time:
17:27:12:978	804	00:02
17:27:36:357	9f4	watchdog - thread 0, hb time 905
17:27:36:401	9f4	watchdog - thread 1, hb time 2668
17:27:36:405	9f4	watchdog - thread 2, hb time 967
17:27:36:408	9f4	watchdog - thread 3, hb time 3448
17:28:06:413	9f4	watchdog - thread 0, hb time 1108
17:28:06:416	9f4	watchdog - thread 1, hb time 1233
17:28:06:419	9f4	watchdog - thread 2, hb time 796
17:28:06:422	9f4	watchdog - thread 3, hb time 2091

So it seems like the malware is called "Claymore CryptoNote CPU Miner v3.4 Beta".
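As an added illustration (not code from this thread or from any of the tools used in it): a small Python triage script that reads miner debug lines in the tab-separated layout above, pulls out pool connections, job targets, share activity and hashrate, and turns each compact target into a share difficulty. The target-to-difficulty step assumes the CryptoNote pool convention (8-hex-digit target read as little-endian uint32, difficulty = 0xFFFFFFFF // target), which agrees with the "Pool Diff 1500" and "target 3000" lines in the log; the sample lines, host name and function names are constructed.

```python
"""Triage helper for CryptoNote/Stratum miner debug logs (added example).

Expects the layout seen in the log above: <time>\t<thread id>\t<message>,
with JSON-RPC packets either after 'buf: ' or on bare continuation lines.
"""
import json
import re
from typing import Dict, List

CONNECT_RE = re.compile(r"Stratum - connecting to '([^']+)' <([^>]+)> port (\d+)")
SHARE_RE = re.compile(r"SHARE FOUND \(target (\d+)\)")
SPEED_RE = re.compile(r"Speed: (\d+) h/s")


def target_to_difficulty(target_hex: str) -> int:
    """Convert a compact 32-bit pool target to a share difficulty.

    Assumption: the CryptoNote pool convention (little-endian uint32,
    difficulty = 0xFFFFFFFF // target). Check: cfb02b00 -> 1500, which is
    what the miner itself printed as 'Pool Diff 1500'.
    """
    raw = int.from_bytes(bytes.fromhex(target_hex), "little")
    if raw == 0:
        raise ValueError("zero target")
    return 0xFFFFFFFF // raw


def split_line(line: str):
    """Return (thread_id, message); continuation lines carry no prefix."""
    parts = line.rstrip("\n").split("\t", 2)
    if len(parts) == 3:
        return parts[1], parts[2]
    return None, parts[0]


def packets_from_message(msg: str) -> List[dict]:
    """Decode every JSON-RPC object found in a 'buf: {...}' or bare '{...}' line."""
    body = msg[5:] if msg.startswith("buf: ") else msg
    body = body.strip()
    if not body.startswith("{"):
        return []
    # One receive buffer may hold several packets back to back (see the
    # 'remove first packet' lines above), so decode repeatedly.
    decoder = json.JSONDecoder()
    out, pos = [], 0
    while pos < len(body):
        obj, end = decoder.raw_decode(body, pos)
        out.append(obj)
        pos = end
        while pos < len(body) and body[pos].isspace():
            pos += 1
    return out


def triage(lines: List[str]) -> Dict[str, object]:
    """Summarise pools, job difficulties, share counts and hashrate samples."""
    summary: Dict[str, object] = {
        "pools": [], "jobs": {}, "shares_found": 0, "shares_accepted": 0, "hashrates": [],
    }
    for line in lines:
        _tid, msg = split_line(line)
        m = CONNECT_RE.search(msg)
        if m:
            summary["pools"].append({"host": m.group(1), "ip": m.group(2), "port": int(m.group(3))})
            continue
        if SHARE_RE.search(msg):
            summary["shares_found"] += 1
            continue
        if "Share accepted" in msg:
            summary["shares_accepted"] += 1
            continue
        m = SPEED_RE.search(msg)
        if m:
            summary["hashrates"].append(int(m.group(1)))
            continue
        for pkt in packets_from_message(msg):
            job = None
            if pkt.get("method") == "job":          # pool pushed a new job
                job = pkt.get("params")
            elif isinstance(pkt.get("result"), dict):
                job = pkt["result"].get("job")      # login reply carries the first job
            if job and "target" in job:
                summary["jobs"][job["job_id"]] = target_to_difficulty(job["target"])
    return summary


# Constructed sample in the same layout as the log above (blobs shortened,
# pool host and IP replaced with documentation placeholders).
SAMPLE_LOG = [
    "17:24:36:289\t804\tStratum - connecting to 'pool.example.invalid' <203.0.113.10> port 1001",
    '17:24:36:341\t804\tbuf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"id":"1",'
    '"job":{"blob":"0100","job_id":"j1","target":"cfb02b00"},"status":"OK"}}',
    "17:24:37:474\t804\t01/05/15-17:24:37 - SHARE FOUND (target 1500) - (THR 3 of 4)",
    '17:24:39:912\t804\tbuf: {"id":1,"jsonrpc":"2.0","error":null,"result":{"status":"OK"}}',
    "17:24:39:942\t804\tShare accepted",
    "17:24:48:700\t804\tSpeed: 30 h/s, TotalHashes: 0K, DevHashes: 0K Mining time:",
    '17:26:13:002\t804\tbuf: {"jsonrpc":"2.0","method":"job","params":{"blob":"0100","job_id":"j2","target":"67d81500"}}',
    '{"jsonrpc":"2.0","method":"job","params":{"blob":"0100","job_id":"j3","target":"502e0f00"}}',
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```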



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:26 AM

Posted 06 January 2015 - 04:33 AM

Disable CD Emulation with DeFogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
 

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#8 obliga11

obliga11
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 06 January 2015 - 05:55 AM

Hi

After restarting the computer after doing the FRST fix, the Svchost.exe did not appear in the temp folder. However, another file related to the miner did.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Emil at 2015-01-06 11:31:24 Run:1
Running from C:\Users\Emil\Downloads
Loaded Profile: Emil (Available profiles: Emil & Mcx1-EMIL-DATOR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2515754121-790960676-2067547957-1001\Software\Classes\exefile:  <===== ATTENTION!
Task: {831296A4-2393-4A87-93BD-EAAF624CBC1A} - System32\Tasks\Origin => C:\Users\Emil\AppData\Roaming\Origin\update.vbe [2014-11-30] () <==== ATTENTION

C:\Users\Emil\AppData\Roaming\Origin\update.vbe

EmptyTemp:
*****************

"HKU\S-1-5-21-2515754121-790960676-2067547957-1001\Software\Classes\exefile" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{831296A4-2393-4A87-93BD-EAAF624CBC1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{831296A4-2393-4A87-93BD-EAAF624CBC1A}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
C:\Users\Emil\AppData\Roaming\Origin\update.vbe => Moved successfully.
EmptyTemp: => Removed 73.9 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 11:31:44 ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-01-06
Scan Time: 11:40:33
Logfile: 
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.06.03
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Emil

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426724
Time Elapsed: 11 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:26 AM

Posted 06 January 2015 - 06:48 AM

Scan with ESET Online Scan

Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" ActiveX control by clicking the Install button
  • Once the ActiveX control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.



#10 obliga11

obliga11
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 06 January 2015 - 08:36 AM

C:\FRST\Quarantine\C\Users\Emil\AppData\Roaming\Origin\update.vbe.xBAD	VBS/CoinMiner.CI trojan
C:\Windows\temp023423.vbe	VBS/CoinMiner.CJ trojan
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe	VBS/CoinMiner.CJ trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe	VBS/CoinMiner.CJ trojan



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:26 AM

Posted 06 January 2015 - 08:43 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

Attached Files



#12 obliga11

obliga11
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 06 January 2015 - 09:10 AM

The only file that was created in the temp folder now was called "lpksetup-20150106-150432-0".

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015
Ran by Emil at 2015-01-06 15:03:14 Run:2
Running from C:\Users\Emil\Downloads
Loaded Profile: Emil (Available profiles: Emil & Mcx1-EMIL-DATOR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe

emptytemp:
*****************

C:\Windows\System32\config\systemprofile\AppData\Roaming\Origin\update.vbe => Moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Origin\update.vbe => Moved successfully.
EmptyTemp: => Removed 166.5 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:03:31 ====


#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:26 AM

Posted 06 January 2015 - 09:35 AM

That's a Microsoft file...

 

Please rescan with FRST (create a new addition.txt as well) and post the logs.



#14 obliga11

obliga11
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:02:26 AM

Posted 06 January 2015 - 09:44 AM

Ok

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by Emil (administrator) on EMIL-DATOR on 06-01-2015 15:41:16
Running from C:\Users\Emil\Downloads
Loaded Profile: Emil (Available profiles: Emil & Mcx1-EMIL-DATOR)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2515754121-790960676-2067547957-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2515754121-790960676-2067547957-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30873192 2014-12-11] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2515754121-790960676-2067547957-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2515754121-790960676-2067547957-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2515754121-790960676-2067547957-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {64454068-432F-4309-9A9F-44ED54A888FF} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {CD234296-3893-4D9E-B881-ED91B6244B1B} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-2515754121-790960676-2067547957-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Emil\AppData\Roaming\Mozilla\Firefox\Profiles\fgxkjajb.default-1414605244357
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2515754121-790960676-2067547957-1001: @acestream.net/acestreamplugin,version=2.2.1.1-next -> C:\Users\Emil\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2515754121-790960676-2067547957-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Emil\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2515754121-790960676-2067547957-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml
FF Extension: Adblock Plus - C:\Users\Emil\AppData\Roaming\Mozilla\Firefox\Profiles\fgxkjajb.default-1414605244357\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-09]

Chrome: 
=======
CHR Profile: C:\Users\Emil\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-25] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-11-30] (Disc Soft Ltd)
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7749408 2009-10-08] (Intel Corporation) [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [233984 2009-09-26] (Intel(R) Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2013-05-09] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [926824 2012-10-25] (Realtek Semiconductor Corporation                           )
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-21] (Duplex Secure Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-04] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 15:41 - 2015-01-06 15:41 - 00012503 _____ () C:\Users\Emil\Downloads\FRST.txt
2015-01-06 12:58 - 2015-01-06 12:58 - 02347384 _____ (ESET) C:\Users\Emil\Downloads\esetsmartinstaller_enu.exe
2015-01-06 12:58 - 2015-01-06 12:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-06 11:21 - 2015-01-06 11:21 - 00000580 _____ () C:\Users\Emil\Downloads\defogger_disable.log
2015-01-06 11:21 - 2015-01-06 11:21 - 00000020 _____ () C:\Users\Emil\defogger_reenable
2015-01-06 11:16 - 2015-01-06 11:16 - 00050477 _____ () C:\Users\Emil\Downloads\Defogger.exe
2015-01-05 17:49 - 2014-12-12 00:46 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Emil\Downloads\TDSSKiller.exe
2015-01-05 17:30 - 2015-01-05 17:30 - 00380416 _____ () C:\Users\Emil\Downloads\5gchqz2k.exe
2015-01-05 17:23 - 2015-01-06 15:41 - 00000000 ____D () C:\FRST
2015-01-05 17:23 - 2015-01-05 17:23 - 02123776 _____ (Farbar) C:\Users\Emil\Downloads\FRST64.exe
2015-01-05 17:14 - 2015-01-06 15:04 - 00001586 _____ () C:\Windows\PFRO.log
2015-01-05 17:14 - 2015-01-06 15:04 - 00000392 _____ () C:\Windows\setupact.log
2015-01-05 17:14 - 2015-01-05 17:14 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-05 15:40 - 2015-01-06 15:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-05 15:39 - 2015-01-05 15:39 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-05 15:39 - 2015-01-05 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-05 15:39 - 2015-01-05 15:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-05 15:39 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-05 15:39 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-05 15:39 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-04 21:52 - 2015-01-05 15:36 - 00000000 ____D () C:\Users\Emil\AppData\Local\CrashDumps
2015-01-04 12:51 - 2015-01-04 12:51 - 00016254 _____ () C:\Users\Public\Documents\dds.txt
2015-01-04 12:51 - 2015-01-04 12:51 - 00006007 _____ () C:\Users\Public\Documents\attach.txt
2015-01-04 11:53 - 2015-01-04 11:56 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-04 11:53 - 2015-01-04 11:53 - 15298136 _____ () C:\Users\Emil\Downloads\RogueKiller.exe
2015-01-04 11:53 - 2015-01-04 11:53 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-04 11:46 - 2015-01-04 11:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\Emil\Downloads\HijackThis.exe
2015-01-04 11:46 - 2015-01-04 11:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-04 11:37 - 2015-01-04 11:37 - 00029443 _____ () C:\ComboFix.txt
2015-01-04 11:11 - 2015-01-04 11:11 - 00000000 ____D () C:\Windows\ERUNT
2015-01-04 11:04 - 2015-01-04 11:04 - 05609858 ____R (Swearware) C:\Users\Emil\Downloads\ComboFix.exe
2015-01-04 11:00 - 2015-01-04 11:10 - 00000000 ____D () C:\AdwCleaner
2015-01-04 11:00 - 2015-01-04 11:00 - 02173952 _____ () C:\Users\Emil\Downloads\AdwCleaner.exe
2015-01-04 11:00 - 2015-01-04 11:00 - 01707939 _____ (Thisisu) C:\Users\Emil\Downloads\JRT.exe
2015-01-04 10:59 - 2015-01-04 10:59 - 00688992 ____R (Swearware) C:\Users\Emil\Downloads\dds.scr
2015-01-04 09:42 - 2015-01-04 09:42 - 00000000 __SHD () C:\Users\Emil\AppData\Local\EmieBrowserModeList
2015-01-04 02:19 - 2015-01-04 02:19 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-01-04 02:19 - 2015-01-04 02:19 - 00001908 _____ () C:\Windows\diagerr.xml
2015-01-04 01:07 - 2015-01-04 01:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-04 00:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-04 00:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-04 00:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-04 00:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-04 00:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-04 00:42 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-04 00:42 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-04 00:42 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-04 00:35 - 2015-01-04 11:37 - 00000000 ____D () C:\Qoobox
2015-01-04 00:35 - 2015-01-04 00:49 - 00000000 ____D () C:\Windows\erdnt
2015-01-03 12:49 - 2015-01-03 12:49 - 00000000 ____H () C:\Users\Emil\Documents\Default.rdp
2015-01-01 18:25 - 2015-01-05 20:33 - 00000000 ____D () C:\Users\Emil\Downloads\Washington.Capitals-Chicago.Blackhawks.Road.to.the.NHL.Winter.Classic.Part3.HDTV.x264-KILLERS[ettv]
2015-01-01 18:24 - 2015-01-03 20:02 - 00000000 ____D () C:\Users\Emil\Downloads\Washington.Capitals-Chicago.Blackhawks.Road.to.the.NHL.Winter.Classic.Part1.HDTV.x264-KILLERS[ettv]
2015-01-01 18:24 - 2015-01-01 18:27 - 00000000 ____D () C:\Users\Emil\Downloads\Washington.Capitals-Chicago.Blackhawks.Road.to.the.NHL.Winter.Classic.Part2.HDTV.x264-KILLERS[ettv]
2015-01-01 15:36 - 2015-01-06 15:08 - 00396183 _____ () C:\Windows\WindowsUpdate.log
2014-12-31 21:09 - 2014-12-31 21:09 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-31 21:07 - 2014-12-31 21:07 - 00003240 _____ () C:\Windows\System32\Tasks\{1271D1E9-DD48-4FCD-B1E5-5E7E11C7F2EF}
2014-12-31 21:06 - 2014-12-31 21:06 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zylom Games
2014-12-31 21:06 - 2014-12-31 21:06 - 00000000 ____D () C:\Users\Emil\AppData\Local\Zylom Games
2014-12-29 22:35 - 2014-12-30 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-29 22:34 - 2014-12-13 01:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-29 22:33 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-29 22:33 - 2014-11-22 11:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-12-29 22:33 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-29 22:32 - 2014-12-13 11:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-29 22:32 - 2014-12-13 11:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-29 22:32 - 2014-10-09 18:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-29 22:32 - 2014-10-09 18:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-29 22:32 - 2014-10-09 08:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-29 21:47 - 2014-12-29 21:47 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\LavasoftStatistics
2014-12-17 19:50 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 19:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-11 16:12 - 2014-12-11 16:12 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 21:22 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 21:22 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 21:22 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-10 21:22 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-10 21:22 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-10 21:22 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-10 21:22 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-10 21:22 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-10 21:22 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-10 21:22 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 21:10 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 21:10 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 21:10 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 21:10 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 21:10 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 21:10 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 21:10 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 21:10 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 21:10 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 21:10 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 21:10 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 21:10 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 21:10 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 21:10 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 21:10 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 21:10 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 21:10 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 21:10 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 21:10 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 21:10 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 21:10 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 21:10 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 21:10 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 21:10 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 21:10 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 21:10 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 21:10 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 21:10 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 21:10 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 21:10 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 21:10 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 21:10 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 21:10 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 21:10 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 21:10 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 21:10 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 21:10 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 21:10 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 21:10 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 21:10 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 21:10 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 21:10 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 21:10 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 21:10 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 21:10 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 21:10 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 21:10 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 21:10 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 21:10 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 21:10 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 21:10 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 21:10 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 21:10 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 21:10 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 21:09 - 2014-12-04 03:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 21:09 - 2014-12-04 03:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 21:09 - 2014-12-02 00:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 18:36 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 18:36 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 18:23 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 18:23 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 18:07 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 18:07 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 18:07 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 18:00 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 18:00 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 18:00 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 18:00 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 18:00 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 18:00 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 18:00 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 18:00 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 18:00 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 18:00 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-09 16:42 - 2014-12-09 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 17:40 - 2014-12-07 17:40 - 00003232 _____ () C:\Windows\System32\Tasks\{8F3810A8-8539-4D2D-9CC1-243F514CA450}
2014-12-07 17:37 - 2014-12-07 17:37 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\Roxio Log Files

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 15:39 - 2010-11-05 18:55 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\Skype
2015-01-06 15:11 - 2009-07-14 05:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 15:11 - 2009-07-14 05:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 15:04 - 2012-06-04 18:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-06 15:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 14:55 - 2013-03-13 15:17 - 00000868 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 11:31 - 2014-11-30 21:26 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\Origin
2015-01-06 11:26 - 2010-11-05 23:43 - 00007603 _____ () C:\Users\Emil\AppData\Local\resmon.resmoncfg
2015-01-06 11:21 - 2010-11-05 16:44 - 00000000 ____D () C:\Users\Emil
2015-01-05 15:38 - 2014-05-10 10:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-04 11:47 - 2014-08-21 15:48 - 00000000 ____D () C:\Users\Emil\AppData\Local\Adobe
2015-01-04 11:46 - 2011-06-17 13:01 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-04 11:46 - 2011-03-16 17:12 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-04 11:35 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-04 10:43 - 2010-11-05 22:44 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\uTorrent
2015-01-04 02:12 - 2009-08-04 02:14 - 00672244 _____ () C:\Windows\system32\perfh01D.dat
2015-01-04 02:12 - 2009-08-04 02:14 - 00147142 _____ () C:\Windows\system32\perfc01D.dat
2015-01-04 02:12 - 2009-07-14 06:13 - 01607144 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 01:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2014-12-30 17:37 - 2010-06-21 14:38 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-12-30 17:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-30 17:18 - 2012-06-04 19:02 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-30 17:18 - 2012-06-04 19:02 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-12-30 17:18 - 2012-06-04 19:01 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-29 21:38 - 2010-06-21 23:26 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-12-24 12:00 - 2014-04-18 13:46 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\Spotify
2014-12-20 18:29 - 2014-04-18 13:46 - 00000000 ____D () C:\Users\Emil\AppData\Local\Spotify
2014-12-19 15:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-19 15:28 - 2014-09-18 20:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-19 15:28 - 2010-06-21 14:41 - 00000000 ____D () C:\ProgramData\Skype
2014-12-13 11:08 - 2013-02-25 23:32 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-13 11:08 - 2013-02-25 23:32 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-13 11:08 - 2012-06-04 19:01 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-13 09:03 - 2012-06-04 19:02 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 09:03 - 2012-06-04 19:02 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-13 09:03 - 2012-06-04 19:02 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 09:03 - 2012-06-04 19:02 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 09:03 - 2012-06-04 19:02 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 09:03 - 2012-06-04 19:02 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-13 00:11 - 2012-06-04 19:02 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-11 16:12 - 2014-05-06 19:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 16:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 16:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 21:25 - 2013-08-14 22:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 21:23 - 2010-11-06 13:41 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 16:55 - 2013-03-13 15:17 - 00003806 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-10 16:55 - 2012-03-30 12:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 16:55 - 2011-05-17 13:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 15:53 - 2012-05-03 19:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 17:35 - 2012-04-22 19:34 - 00812544 ___SH () C:\Users\Emil\Downloads\Thumbs.db
2014-12-08 20:05 - 2010-11-05 16:45 - 00077488 _____ () C:\Users\Emil\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-08 20:04 - 2009-07-14 05:45 - 04942400 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-07 17:27 - 2014-05-10 10:32 - 00000000 ____D () C:\Users\Public\Documents\Sports Interactive
2014-12-07 17:27 - 2014-05-10 10:32 - 00000000 ____D () C:\Users\Emil\Documents\Sports Interactive
2014-12-07 17:23 - 2010-11-05 18:50 - 00000000 ____D () C:\Users\Emil\AppData\Roaming\DAEMON Tools Lite

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 16:05

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by Emil at 2015-01-06 15:41:55
Running from C:\Users\Emil\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI - Swedish (HKLM-x32\...\{AC76BA86-7AD7-1053-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2009.1211.1547.28237 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
Free M4a to MP3 Converter 7.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Swedish) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Excel 2003 (HKLM-x32\...\{9016041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{9017041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word 2003 (HKLM-x32\...\{901B041D-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 sv-SE) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 sv-SE)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2515754121-790960676-2067547957-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TP-LINK 300Mbps Wireless USB Adapter Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Unity Web Player (HKU\S-1-5-21-2515754121-790960676-2067547957-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-12-2014 21:24:53 Windows Update
29-12-2014 21:45:50 AA11
29-12-2014 22:00:56 Removed THX TruStudio PC
30-12-2014 17:30:44 AA11
30-12-2014 17:36:47 Removed Windows Live ID Sign-in Assistant
30-12-2014 17:37:09 Removed Windows Live Sync
30-12-2014 17:37:26 Removed Windows Live Upload Tool
30-12-2014 17:39:04 AA11
30-12-2014 17:48:12 AA11
04-01-2015 00:07:10 Registry First Aid backup
04-01-2015 01:29:31 Removed MSXML 4.0 SP2 (KB973688)
04-01-2015 02:15:34 Windows Update
04-01-2015 11:44:55 Removed Adobe Reader XI (11.0.10) - Svenska.
04-01-2015 14:30:34 DirectX har installerats

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-04 00:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3547A2E5-5D41-4C7B-AE62-829C3BD9EAB6} - System32\Tasks\{1271D1E9-DD48-4FCD-B1E5-5E7E11C7F2EF} => pcalua.exe -a "C:\Users\Emil\AppData\Local\Zylom Games\Trivial Pursuit Genus Edition Deluxe\GameInstlr.exe" -c --uninstall UnInstall.log
Task: {4EC724AE-C704-4809-8C8B-D41314D2F659} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7A8B052B-A008-4A4B-B2AF-8C86C2E53685} - System32\Tasks\{8F3810A8-8539-4D2D-9CC1-243F514CA450} => pcalua.exe -a C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe -c /x {537BF16E-7412-448C-95D8-846E85A1D817}
Task: {ACFD230F-7855-40FB-B0AA-FFCDAAAA52E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {CC4F2EFB-B9A1-464E-A618-1D2C652B3AA8} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-EMIL-DATOR => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {E0307EE1-A685-4497-866D-316384422510} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {F4CC414E-E3D2-42ED-A23B-F7BB164E8AED} - System32\Tasks\{2949D93F-0AD1-4C9B-AF0B-7EB55A0CE734} => Firefox.exe http://ui.skype.com/ui/0/6.18.0.106/sv/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-06-04 19:02 - 2014-12-13 09:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-23 20:19 - 2014-10-23 20:19 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1053.dll
2014-12-09 16:42 - 2014-12-09 16:43 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

========================= Accounts: ==========================

Administratör (S-1-5-21-2515754121-790960676-2067547957-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2515754121-790960676-2067547957-1006 - Limited - Enabled)
Emil (S-1-5-21-2515754121-790960676-2067547957-1001 - Administrator - Enabled) => C:\Users\Emil
Gäst (S-1-5-21-2515754121-790960676-2067547957-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2515754121-790960676-2067547957-1004 - Limited - Enabled)
Mcx1-EMIL-DATOR (S-1-5-21-2515754121-790960676-2067547957-1007 - Limited - Enabled) => C:\Users\Mcx1-EMIL-DATOR

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2015 02:35:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1. Det finns ett fel i manifest- eller principfilen C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 på rad C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
En komponentversion som begärs av programmet står i konflikt med en annan komponentversion som redan är aktiv.
Följande komponenter orsakar konflikten:
Komponent 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponent 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/06/2015 00:58:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1. Det finns ett fel i manifest- eller principfilen C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 på rad C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
En komponentversion som begärs av programmet står i konflikt med en annan komponentversion som redan är aktiv.
Följande komponenter orsakar konflikten:
Komponent 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponent 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/06/2015 00:58:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Det gick inte att skapa aktiveringskontext för C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1. Det finns ett fel i manifest- eller principfilen C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2 på rad C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
En komponentversion som begärs av programmet står i konflikt med en annan komponentversion som redan är aktiv.
Följande komponenter orsakar konflikten:
Komponent 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponent 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 571042

Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 571042

Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2015 04:06:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Det gick inte att skapa aktiveringskontext för WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1. Det finns ett fel i manifest- eller principfilen WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2 på rad WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Den komponentidentitet som hittades i manifestet matchar inte identiteten i den komponent som begärdes.
Referens är WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition är WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Använd sxstrace.exe om du vill diagnostisera ytterligare.


System errors:
=============
Error: (01/06/2015 03:04:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126

Error: (01/06/2015 03:04:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten sbapifs kunde inte startas på grund av följande fel: 
%%2

Error: (01/06/2015 11:32:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126

Error: (01/06/2015 11:32:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten sbapifs kunde inte startas på grund av följande fel: 
%%2

Error: (01/06/2015 11:24:52 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126

Error: (01/06/2015 11:24:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten sbapifs kunde inte startas på grund av följande fel: 
%%2

Error: (01/06/2015 11:14:57 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Namnet WORKGROUP      :1d kunde inte registreras på det gränssnitt som har IP-adressen 192.168.1.82.
Den dator som har IP-adressen 192.168.1.253 tillät inte att den här datorn
använder namnet.

Error: (01/06/2015 11:14:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126

Error: (01/06/2015 11:14:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten sbapifs kunde inte startas på grund av följande fel: 
%%2

Error: (01/05/2015 05:21:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT instans)
Description: Det gick inte att starta modulen för WLAN-utökningsmöjligheter.

Modulsökväg: C:\Windows\system32\Rtlihvs.dll
Felkod: 126


Microsoft Office Sessions:
=========================
Error: (01/06/2015 02:35:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Emil\Downloads\esetsmartinstaller_enu.exe

Error: (01/06/2015 00:58:10 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Emil\Downloads\esetsmartinstaller_enu.exe

Error: (01/06/2015 00:58:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Emil\Downloads\esetsmartinstaller_enu.exe

Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 571042

Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 571042

Error: (01/05/2015 04:31:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (01/05/2015 04:22:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/05/2015 04:06:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8


CodeIntegrity Errors:
===================================
  Date: 2015-01-04 00:48:36.067
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-04 00:48:35.849
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-06 15:49:34.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-30 13:22:40.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 23:24:47.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 23:24:47.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 23:16:48.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-17 23:16:47.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-06 20:39:02.930
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-06 20:39:02.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 28%
Total physical RAM: 8119.08 MB
Available physical RAM: 5794.71 MB
Total Pagefile: 16236.34 MB
Available Pagefile: 13582.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:688.62 GB) (Free:535.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=118 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=688.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:02:26 AM

Posted 06 January 2015 - 10:23 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also
Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread (Note: Do NOT post this one into a code box!)


Proud Member of UNITE & TB



