
Infection: URL:Mal



Hello

 

I started getting "Malicious URL blocked" messages from Avast on one website I'm the webmaster of. So I went about scanning the website for viruses and trojans with the antivirus our web host supplies. Nothing found. Scanned the site with unmaskparasites.com and wepawet.iseclab.org. Both say the site is clean.

 

I did a full scan of my PC with Avast, but it didn't find anything.

I then did a scan with Malwarebytes Anti-Malware and it found something and cleaned it out. See report below. I restarted my PC, but still got the same errors. Ran Malwarebytes Anti-Malware again, but the system is now clean. I did another Avast full scan and a boot scan, nothing. I downloaded and ran Microsoft's Malicious Software Removal Tool, but it found nothing.

 

So you're my last hope.

 

--------------------------------

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.17.03
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16660
EldARon :: ELDARONBOOK [administrator]
 
17/08/2013 20:49:47
mbam-log-2013-08-17 (20-49-47).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220915
Time elapsed: 2 minute(s), 10 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 1
C:\Users\EldARon\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
 
Files Detected: 15
C:\Users\EldARon\AppData\Local\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\BabylonTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizePro.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\WajamC.exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\1223A1C5-BAB0-7891-AFD0-79EFA3615D08\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\1223A1C5-BAB0-7891-AFD0-79EFA3615D08\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\1223A1C5-BAB0-7891-AFD0-79EFA3615D08\Latest\ccp.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\1223A1C5-BAB0-7891-AFD0-79EFA3615D08\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\1223A1C5-BAB0-7891-AFD0-79EFA3615D08\Latest\Setup.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\455B2CB7-BAB0-7891-BADA-DB79B7BC060D\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\455B2CB7-BAB0-7891-BADA-DB79B7BC060D\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\455B2CB7-BAB0-7891-BADA-DB79B7BC060D\Latest\ccp.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\455B2CB7-BAB0-7891-BADA-DB79B7BC060D\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Local\Temp\455B2CB7-BAB0-7891-BADA-DB79B7BC060D\Latest\Setup.exe (PUP.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\EldARon\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
 
(end)
 

--------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660
Run by EldARon at 16:51:09 on 2013-08-18
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.12174.8716 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Livedrive\VSSService.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\EldARon\AppData\Local\Viber\Viber.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Livedrive\Livedrive.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\system32\DptfParticipantProcessorService.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\system32\DptfPolicyConfigTDPService.exe
C:\Windows\system32\hkcmd.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\SysWOW64\irstrtsv.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\Temp\AsTouchPanel\AsPatchTouchPanel64.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe
C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\EldARon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [GoogleChromeAutoLaunch_FA4699FBC1FF1DB539573EB2E5C92328] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Viber] "C:\Users\EldARon\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [spotify Web Helper] "C:\Users\EldARon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [bD2FF65D3BE608844A8EED6C1A178EDC8652C0F7._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Google Update] "C:\Users\EldARon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Livedrive] "C:\Program Files (x86)\Livedrive\Livedrive.exe" /setup
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: DisableCAD = dword:1
IE: E&ksporter til Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - C:\Users\EldARon\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\EldARon\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll
TCP: NameServer = 10.5.24.5 10.5.24.6
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E} : DHCPNameServer = 10.5.24.5 10.5.24.6
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}\052796E6A7B6E656368647 : NameServer = 208.122.23.22,208.122.23.23
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}\052796E6A7B6E656368647 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}\1427F6E6D2E65647F5E6F6D61607 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}\1427F6E6D2E65647F5E6F6D61607 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}\149627C496E6B68393330303 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}\75C414E402A5F6E65602D2024586560234C6F65746 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}\75C414E402A5F6E65602D2024586560234C6F65746 : DHCPNameServer = 10.5.24.5 10.5.24.6
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}\95F4552584F4D45494E4245425C494E4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}\B657E646563756276796365643 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}\B657E646563756276796365643 : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{7D010641-DD0E-44D8-9350-B9D1870C47EE} : DHCPNameServer = 10.5.24.5 10.5.24.6
TCP: Interfaces\{8DF5C6AA-7EE0-4798-856A-C397A0CA821E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D2F516A6-CC98-41BD-B464-1B678C41366C} : DHCPNameServer = 77.234.40.79
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator-cbfs4 - {436E8C88-D66A-4002-8F76-0EB4172069C8} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {436E8C88-D66A-4002-8F76-0EB4172069C8} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar_x64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: BrowserHelper Class: {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar_x64.dll
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar_x64.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator-cbfs4 - {436E8C88-D66A-4002-8F76-0EB4172069C8} - C:\Windows\System32\cbfsMntNtf4.dll
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {436E8C88-D66A-4002-8F76-0EB4172069C8} - C:\Windows\System32\cbfsMntNtf4.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswKbd;aswKbd;C:\Windows\System32\Drivers\aswKbd.sys [2013-1-23 22600]
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-3-16 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-3-16 189936]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-12-25 95024]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-3-19 678384]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-1-23 1030952]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-1-23 378944]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 cbfs3;cbfs3;C:\Windows\System32\Drivers\cbfs3.sys [2013-3-20 352008]
R1 cbfs4;cbfs4;C:\Windows\System32\Drivers\cbfs4.sys [2013-1-19 385216]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-12-25 23344]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2013-1-19 1280768]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-1-23 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-1-23 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-16 46808]
R2 LivedriveVSSService;Livedrive VSS Service;C:\Program Files (x86)\Livedrive\VSSService.exe [2013-7-29 210584]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-4-18 1227800]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-19 4153184]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-24 17152]
R3 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-12-25 88728]
R3 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-10-31 231040]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-11-20 62848]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-12-25 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-12-25 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-12-25 76952]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-12-25 576152]
R3 BthA2DP;Bluetooth Stereo;C:\Windows\System32\Drivers\BthA2DP.sys [2013-7-17 117632]
R3 BthHFAud;Bluetooth Hands-Free;C:\Windows\System32\Drivers\BthHfAud.sys [2013-3-16 30720]
R3 BthHFSrv;Bluetooth Handsfree Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2012-12-25 29696]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 DptfDevDram;DptfDevDram;C:\Windows\System32\Drivers\DptfDevDram.sys [2012-12-4 107328]
R3 DptfDevFan;DptfDevFan;C:\Windows\System32\Drivers\DptfDevFan.sys [2012-12-4 42816]
R3 DptfDevGen;DptfDevGen;C:\Windows\System32\Drivers\DptfDevGen.sys [2012-12-4 64832]
R3 DptfDevPch;DptfDevPch;C:\Windows\System32\Drivers\DptfDevPch.sys [2012-12-4 96576]
R3 DptfDevProc;DptfDevProc;C:\Windows\System32\Drivers\DptfDevProc.sys [2012-12-4 229184]
R3 DptfManager;DptfManager;C:\Windows\System32\Drivers\DptfManager.sys [2012-12-4 363328]
R3 DptfParticipantProcessorService;Intel® Dynamic Platform and Thermal Framework Processor Participant Service Application;C:\Windows\System32\DptfParticipantProcessorService.exe [2012-12-4 30080]
R3 DptfPolicyConfigTDPService;Intel® Dynamic Platform and Thermal Framework Config TDP Service Application;C:\Windows\System32\DptfPolicyConfigTDPService.exe [2012-12-4 31616]
R3 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-12-4 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-12-4 342528]
R3 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R3 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-12-25 129856]
R3 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-12-25 193576]
R3 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-25 166720]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\Drivers\L1C63x64.sys [2012-12-4 110744]
R3 PSI;PSI;C:\Windows\System32\Drivers\psi_mf_amd64.sys [2013-4-18 18456]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\Drivers\teamviewervpn.sys [2013-1-19 35112]
R3 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-25 365376]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\Drivers\viahduaa.sys [2012-12-4 2206864]
R3 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-12-4 27768]
R3 vpnpbus;EldoS PnP Virtual Bus driver;C:\Windows\System32\Drivers\vpnpbus.sys [2013-6-29 18624]
R3 WakeupService;ASUS Wake Service;C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [2012-11-16 42336]
R3 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-10-31 323584]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-4-18 659992]
S3 cmusbser;Cmotech USB Device for Legacy Serial Communication;C:\Windows\System32\Drivers\cmusbser.sys [2013-5-29 112768]
S3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-12-25 43800]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-6-22 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-6-22 12384]
S3 Revoflt;Revoflt;C:\Windows\System32\Drivers\revoflt.sys [2013-8-18 31800]
S3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-08-18 13:06:46 -------- d-----w- C:\Users\EldARon\AppData\Local\VS Revo Group
2013-08-18 13:06:43 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2013-08-18 13:06:43 -------- d-----w- C:\ProgramData\VS Revo Group
2013-08-18 13:06:41 -------- d-----w- C:\Program Files\VS Revo Group
2013-08-17 18:49:27 -------- d-----w- C:\Users\EldARon\AppData\Roaming\Malwarebytes
2013-08-17 18:49:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-17 18:49:15 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-17 18:49:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-17 10:12:19 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-08-17 03:46:07 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-08-17 03:46:07 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-08-17 03:46:06 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-09 21:07:47 -------- d-----w- C:\Program Files (x86)\Livedrive
2013-08-09 21:07:43 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-08-09 17:31:06 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-08-09 17:31:05 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-08-09 17:27:29 -------- d-----w- C:\ProgramData\Babylon
2013-08-08 17:32:22 -------- d-----w- C:\Users\EldARon\Documents
2013-07-27 18:22:02 262096 ----a-w- C:\Windows\System32\gcp_portmon64.dll
2013-07-27 18:14:38 -------- d-----w- C:\Users\EldARon\AppData\Roaming\Microsoft Corporation
2013-07-27 18:02:01 15604224 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-07-26 15:14:04 -------- d-----w- C:\Users\EldARon\AppData\Local\File Renamer Basic
2013-07-25 08:12:10 -------- d-----w- C:\Users\EldARon\AppData\Local\QNAP
2013-07-25 06:22:50 -------- d-----w- C:\Program Files (x86)\QNAP
2013-07-19 17:08:11 -------- d-----w- C:\Users\EldARon\AppData\Roaming\PPT2Video
2013-07-19 17:04:34 -------- d-----w- C:\ProgramData\Moyea
2013-07-19 17:03:58 438272 ----a-w- C:\Windows\SysWow64\Mpeg2DecFilter.ax
2013-07-19 17:03:58 139264 ----a-w- C:\Windows\SysWow64\xvid.ax
2013-07-19 16:31:43 -------- d-----w- C:\Windows\PCHEALTH
2013-07-19 16:29:17 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-07-19 16:29:09 -------- d-----w- C:\Users\EldARon\AppData\Local\Microsoft Help
.
==================== Find3M  ====================
.
2013-08-18 13:50:07 437 ----a-w- C:\Users\EldARon\AppData\Roaming\sp_data.sys
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:13:28 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-07-26 05:13:28 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:13:15 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 00:54:34 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-07-02 08:18:55 101680 ----a-w- C:\Windows\SysWow64\stkMonitor.dll
2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2013-07-01 08:25:12 19032 ------w- C:\Windows\System32\pwdrvio.sys
2013-07-01 08:25:10 3151040 ----a-w- C:\Windows\System32\pwNative.exe
2013-07-01 08:25:10 12384 ------w- C:\Windows\System32\pwdspio.sys
2013-06-28 09:21:59 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-06-28 09:21:59 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-05 15:10:42 9064 ----a-w- C:\Windows\System32\elevtmsg.dll
2013-06-05 15:10:20 120168 ----a-w- C:\Windows\System32\cbfsNetRdr4.dll
2013-06-05 15:10:12 217448 ----a-w- C:\Windows\SysWow64\cbfsNetRdr4.dll
2013-06-05 15:09:26 182632 ----a-w- C:\Windows\System32\cbfsMntNtf4.dll
2013-06-05 15:08:54 156520 ----a-w- C:\Windows\SysWow64\cbfsMntNtf4.dll
2013-06-05 15:02:50 18624 ----a-w- C:\Windows\System32\drivers\vpnpbus.sys
2013-06-05 15:02:30 385216 ----a-w- C:\Windows\System32\drivers\cbfs4.sys
2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe
2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll
2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:26 117632 ----a-w- C:\Windows\System32\drivers\BthA2DP.sys
2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe
2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 16:51:18.66 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 18/01/2013 23:02:09
System Uptime: 18/08/2013 15:47:00 (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | S400CA
Processor: Intel® Core i5-3317U CPU @ 1.70GHz | SOCKET 0 | 1701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 54 GiB total, 26.329 GiB free.
D: is FIXED (NTFS) - 57 GiB total, 37.176 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! SecureLine TAP Adapter
Device ID: ROOT\NET\0001
Manufacturer: TAP-Windows Provider V9
Name: avast! SecureLine TAP Adapter
PNP Device ID: ROOT\NET\0001
Service: tap0901
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
 ASUS VivoBook
Adobe AIR
Adobe Digital Editions 2.0
Adobe Reader X (10.1.7) MUI
Alcor Micro USB Card Reader
Amazon Send to Kindle
ASUS Instant Connect
ASUS InstantOn
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS S Series Product Demo
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
ATK Package
avast! Pro Antivirus
Boxcryptor Classic 1.6
calibre 64bit
CCleaner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Easy Photo Uploader 2.0.7.0
ExpressCache
Google Chrome
Google Cloud Printer
Google Drive
Google Talk Plugin
Google Update Helper
Greenshot 1.1.5.2643
Helium
HTC BMP USB Driver
Intel® Dynamic Platform and Thermal Framework
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
LastPass (uninstall only)
Livedrive
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Mouse and Keyboard Center
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Norwegian (Bokmål)) 2010
Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010
Microsoft Office Groove MUI (Norwegian (Bokmål)) 2010
Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010
Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010
Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Norwegian (Bokmål)) 2010
Microsoft Office Proof (Norwegian (Nynorsk)) 2010
Microsoft Office Proofing (Norwegian (Bokmål)) 2010
Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010
Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2010
Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010
Microsoft Office Word MUI (Norwegian (Bokmål)) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ Run Time  Lib Setup
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyFreeCodec
PeaZip 5.0 (WIN64)
Platform
QNAP Qfinder
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
Revo Uninstaller Pro 3.0.7
Secunia PSI (3.0.0.7009)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared C Run-time for x64
Spotify
TeamViewer 8
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VIA Platform Device Manager
Viber
VLC media player 2.0.8
Windows Driver Package - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153)
Xibo Player
.
==== Event Viewer Messages From Past Week ========
.
18/08/2013 15:47:01, Error: volmgr [46]  - Crash dump initialization failed!
18/08/2013 15:47:01, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
18/08/2013 15:29:48, Error: volsnap [35]  - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
.
==== End Of File ===========================

Hello EldARon and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
Step 3

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • OTL with Extras.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.9 (08.17.2013:3)
OS: Windows 8 x64
Ran by EldARon on 18/08/2013 at 17:34:57.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr

~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/08/2013 at 17:39:14.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v2.306 - Logfile created 08/18/2013 at 17:42:38
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : EldARon - ELDARONBOOK
# Boot Mode : Normal
# Running from : D:\Downloads\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKLM\Software\DataMngr

***** [internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16660
[OK] Registry is clean.

-\\ Google Chrome v29.0.1547.57
File : C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

*************************
AdwCleaner[R1].txt - [826 octets] - [18/08/2013 17:41:36]
AdwCleaner[s1].txt - [762 octets] - [18/08/2013 17:42:38]

########## EOF - C:\AdwCleaner[s1].txt - [821 octets] ##########

OTL logfile created on: 18/08/2013 17:46:40 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16660)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

11.89 Gb Total Physical Memory | 9.89 Gb Available Physical Memory | 83.23% Memory free

11.89 Gb Paging File | 9.66 Gb Available in Paging File | 81.23% Paging File free

Paging file location(s):  [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 53.97 Gb Total Space | 25.85 Gb Free Space | 47.90% Space Free | Partition Type: NTFS

Drive D: | 56.52 Gb Total Space | 35.33 Gb Free Space | 62.51% Space Free | Partition Type: NTFS

 

Computer Name: ELDARONBOOK | User Name: EldARon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/08/18 17:40:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe

PRC - [2013/08/16 05:21:43 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/07/29 11:34:30 | 001,814,680 | ---- | M] (Livedrive Internet Ltd) -- C:\Program Files (x86)\Livedrive\Livedrive.exe

PRC - [2013/07/12 18:30:01 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

PRC - [2013/07/08 13:09:10 | 011,596,128 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

PRC - [2013/07/08 13:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2013/07/08 12:59:02 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe

PRC - [2013/05/30 05:50:58 | 001,739,472 | ---- | M] () -- C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe

PRC - [2013/05/10 09:57:32 | 000,037,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe

PRC - [2013/05/10 09:57:24 | 001,465,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

PRC - [2013/05/09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/05/05 15:21:54 | 000,906,240 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\Viber.exe

PRC - [2013/04/18 15:56:22 | 001,227,800 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe

PRC - [2013/04/18 15:56:10 | 000,563,224 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

PRC - [2013/02/02 10:40:58 | 000,375,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2012/10/26 16:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2012/10/17 21:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

PRC - [2012/10/05 17:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

PRC - [2012/09/14 15:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2012/08/31 21:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe

PRC - [2012/05/28 12:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

PRC - [2012/04/13 12:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/08/16 05:21:41 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppgooglenaclpluginchrome.dll

MOD - [2013/08/16 05:21:39 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll

MOD - [2013/08/16 05:20:49 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\libglesv2.dll

MOD - [2013/08/16 05:20:48 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\libegl.dll

MOD - [2013/08/16 05:20:46 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ffmpegsumo.dll

MOD - [2013/08/08 18:40:55 | 000,557,056 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\sqldrivers\qsqlite.dll

MOD - [2013/08/08 18:40:52 | 012,591,104 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\libViber.dll

MOD - [2013/08/08 18:40:52 | 000,827,392 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\platforms\qwindows.dll

MOD - [2013/08/08 18:40:51 | 000,679,936 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\libGLESv2.dll

MOD - [2013/08/08 18:40:51 | 000,286,720 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\imageformats\qtiff.dll

MOD - [2013/08/08 18:40:51 | 000,221,184 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\imageformats\qmng.dll

MOD - [2013/08/08 18:40:51 | 000,212,992 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\imageformats\qjpeg.dll

MOD - [2013/08/08 18:40:51 | 000,065,536 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\libEGL.dll

MOD - [2013/08/08 18:40:51 | 000,024,576 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\imageformats\qico.dll

MOD - [2013/08/08 18:40:51 | 000,024,576 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\imageformats\qgif.dll

MOD - [2013/08/08 18:40:51 | 000,016,384 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\imageformats\qwbmp.dll

MOD - [2013/08/08 18:40:51 | 000,016,384 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\imageformats\qtga.dll

MOD - [2013/08/08 18:40:51 | 000,016,384 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\3.1.0.887\imageformats\qsvg.dll

MOD - [2013/07/29 11:38:06 | 000,068,760 | ---- | M] () -- C:\Program Files (x86)\Livedrive\Native.dll

MOD - [2013/07/29 11:30:10 | 000,821,248 | ---- | M] () -- C:\Program Files (x86)\Livedrive\Localisation.dll

MOD - [2013/05/30 05:50:58 | 001,739,472 | ---- | M] () -- C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe

MOD - [2013/05/10 09:57:24 | 000,305,728 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll

MOD - [2013/05/05 15:21:54 | 000,906,240 | ---- | M] () -- C:\Users\EldARon\AppData\Local\Viber\Viber.exe

MOD - [2012/07/27 22:51:34 | 006,549,432 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\authplay.dll

MOD - [2011/07/28 16:20:34 | 000,270,336 | ---- | M] () -- C:\Program Files (x86)\Livedrive\AlphaFS.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/07/02 02:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2013/06/01 11:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013/05/04 08:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2013/05/04 08:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2013/04/09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2013/03/02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2013/03/02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2013/01/10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2013/01/10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2013/01/07 21:04:48 | 001,280,768 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)

SRV:64bit: - [2012/11/16 13:35:50 | 000,042,336 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe -- (WakeupService)

SRV:64bit: - [2012/11/06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012/10/22 10:44:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [On_Demand | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)

SRV:64bit: - [2012/10/01 04:51:46 | 000,031,616 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)

SRV:64bit: - [2012/10/01 04:51:44 | 000,030,080 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)

SRV:64bit: - [2012/09/20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2012/09/20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012/07/26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012/07/26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2012/07/26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012/07/26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012/07/26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012/07/26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012/07/26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012/07/26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012/07/26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012/07/26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012/07/26 05:05:12 | 000,331,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)

SRV:64bit: - [2012/07/26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012/07/26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2012/04/20 16:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2012/03/30 14:54:10 | 000,079,664 | ---- | M] (Diskeeper Corporation) [On_Demand | Running] -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache)

SRV - [2013/07/29 11:38:12 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Livedrive\VSSService.exe -- (LivedriveVSSService)

SRV - [2013/07/08 13:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/18 15:56:22 | 001,227,800 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2013/04/18 15:56:14 | 000,659,992 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2012/11/06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012/11/02 09:19:54 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/10/31 22:57:44 | 000,231,040 | ---- | M] (Qualcomm Atheros Commnucations) [On_Demand | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2012/10/31 22:03:00 | 000,323,584 | R--- | M] (Atheros) [On_Demand | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)

SRV - [2012/10/05 17:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2012/07/30 14:27:58 | 000,193,576 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)

SRV - [2012/07/26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012/07/17 16:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/07/17 16:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/06/27 14:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®

SRV - [2012/06/25 12:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2012/04/13 12:14:00 | 000,277,120 | ---- | M] (ASUS) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)

SRV - [2011/11/21 16:19:50 | 000,096,896 | ---- | M] (ASUS) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/07/02 02:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2013/07/02 00:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2013/07/01 10:25:12 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)

DRV:64bit: - [2013/07/01 10:25:10 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)

DRV:64bit: - [2013/06/28 11:21:59 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/06/28 11:21:59 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013/06/28 11:21:59 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/06/05 17:02:50 | 000,018,624 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\vpnpbus.sys -- (vpnpbus)

DRV:64bit: - [2013/06/05 17:02:30 | 000,385,216 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\cbfs4.sys -- (cbfs4)

DRV:64bit: - [2013/06/01 13:54:16 | 000,194,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2013/06/01 13:29:35 | 000,337,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2013/06/01 13:29:35 | 000,213,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2013/06/01 05:08:26 | 000,117,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthA2DP.sys -- (BthA2DP)

DRV:64bit: - [2013/05/09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013/05/09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/05/09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013/05/09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/05/09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013/05/09 10:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)

DRV:64bit: - [2013/05/04 09:34:17 | 000,446,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2013/05/04 09:34:15 | 000,284,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2013/04/30 10:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2013/04/18 15:55:50 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\psi_mf_amd64.sys -- (PSI)

DRV:64bit: - [2013/03/19 01:36:42 | 000,678,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)

DRV:64bit: - [2013/03/02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2013/03/02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2013/03/02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2013/02/02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2013/02/02 09:24:42 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthHfAud.sys -- (BthHFAud)

DRV:64bit: - [2013/01/29 19:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)

DRV:64bit: - [2013/01/11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2013/01/10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012/11/28 19:49:00 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\teamviewervpn.sys -- (teamviewervpn)

DRV:64bit: - [2012/11/27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012/11/20 11:57:28 | 000,062,848 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)

DRV:64bit: - [2012/11/20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012/11/19 01:57:58 | 003,728,384 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)

DRV:64bit: - [2012/11/10 11:50:36 | 000,352,008 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\cbfs3.sys -- (cbfs3)

DRV:64bit: - [2012/11/06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012/11/02 09:19:38 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/10/31 22:37:42 | 000,576,152 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2012/10/31 22:37:38 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2012/10/31 22:37:36 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2012/10/31 22:37:36 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2012/10/31 22:37:34 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2012/10/26 12:28:30 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2012/10/22 12:13:04 | 002,206,864 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV:64bit: - [2012/10/12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/10/11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012/10/11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2012/10/01 04:51:44 | 000,363,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfManager.sys -- (DptfManager)

DRV:64bit: - [2012/10/01 04:51:44 | 000,229,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevProc.sys -- (DptfDevProc)

DRV:64bit: - [2012/10/01 04:51:44 | 000,107,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevDram.sys -- (DptfDevDram)

DRV:64bit: - [2012/10/01 04:51:44 | 000,096,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevPch.sys -- (DptfDevPch)

DRV:64bit: - [2012/10/01 04:51:44 | 000,064,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevGen.sys -- (DptfDevGen)

DRV:64bit: - [2012/10/01 04:51:44 | 000,042,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\DptfDevFan.sys -- (DptfDevFan)

DRV:64bit: - [2012/09/20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2012/09/20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012/09/20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012/08/02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2012/07/30 14:27:52 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)

DRV:64bit: - [2012/07/26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/07/26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012/07/26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012/07/26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012/07/26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012/07/26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012/07/26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012/07/26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012/07/26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012/07/26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012/07/26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012/07/26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012/07/26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012/07/26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012/07/26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012/07/26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/07/26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/07/26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012/07/26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2012/07/26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012/07/26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/07/26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012/07/26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012/07/26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012/07/26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012/07/26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012/07/26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012/07/26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012/07/26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012/07/26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012/07/26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012/07/26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012/07/26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012/07/26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012/07/26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/07/26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012/07/26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012/07/26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012/07/26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)

DRV:64bit: - [2012/07/26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012/07/26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012/07/26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012/07/24 20:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)

DRV:64bit: - [2012/07/19 11:21:42 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)

DRV:64bit: - [2012/06/02 16:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2012/06/02 16:31:56 | 000,589,824 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

DRV:64bit: - [2012/06/02 16:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2012/06/02 16:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)

DRV:64bit: - [2012/05/31 05:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)

DRV:64bit: - [2012/03/30 14:54:16 | 000,095,024 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\excsd.sys -- (excsd)

DRV:64bit: - [2012/03/30 14:54:16 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\excfs.sys -- (excfs)

DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2007/06/08 14:32:26 | 000,112,768 | ---- | M] (C-motech Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\cmusbser.sys -- (cmusbser)

DRV - [2011/09/07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)

DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1280088361-2776238406-1351278418-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com

IE - HKU\S-1-5-21-1280088361-2776238406-1351278418-1001\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-1280088361-2776238406-1351278418-1001\..\SearchScopes\{4B6445FB-3B06-4559-932D-B3B64EE769DF}: "URL" = http://no.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}

IE - HKU\S-1-5-21-1280088361-2776238406-1351278418-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files\LastPass\nplastpass64.dll (LastPass)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@lastpass.com/NPLastPass: C:\Program Files\LastPass\nplastpass.dll (LastPass)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\EldARon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\EldARon\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\EldARon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\EldARon\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\EldARon\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

========== Chrome  ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://google.no/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: ChromeAccess = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeoigbhkilbllfomkmmilbfochhlgdmh\1.6_0\

CHR - Extension: Middle Click To Go Back = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amgokbkbhplbkpjlknhglinkhghamagm\1.8.1_0\

CHR - Extension: Google Docs = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\

CHR - Extension: Google Drive = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\

CHR - Extension: Spotify - Music for every moment = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\

CHR - Extension: Google Search = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: scrambls = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehpenaidkmbjdlkbfhlkkhmhfckimokm\0.4.2544_0\

CHR - Extension: Gmail Offline = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\

CHR - Extension: Google Calendar = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\

CHR - Extension: Photo Zoom for Facebook = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\

CHR - Extension: Netflix = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\flamebdjodllakngbclbdikiedmgdnbb\1.0.1_0\

CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\1_0\

CHR - Extension: AdBlock = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0\

CHR - Extension: Netflix Enhancements = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\glefmeoggphbdgeddmnmhfejpiipcmlf\0.2.4_0\

CHR - Extension: Google Calendar (by Google) = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.3.1_0\

CHR - Extension: avast! Online Security = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_1\

CHR - Extension: PageSpeed Insights (by Google) = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.3.3_0\

CHR - Extension: Spotify Chrome Extension = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb\1.0.3_0\

CHR - Extension: LastPass = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.3_0\

CHR - Extension: Keep My Opt-Outs = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\

CHR - Extension: Eye Dropper = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.3.2_0\

CHR - Extension: Google Keep = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\0.1.13302.446_0\

CHR - Extension: mysms - Text anywhere = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb\3.3.0_0\

CHR - Extension: bitly | \u2665  your bitmarks = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.89_0\

CHR - Extension: Cloud Reader = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0\

CHR - Extension: Google +1 Button = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.2.0.329_0\

CHR - Extension: Livedrive = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnelgncdocjncgfbdnablfpagigfiedh\1.0.0.2_0\

CHR - Extension: Smooth Gestures = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.17.7_0\

CHR - Extension: User-Agent Switcher = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkmofgnohbedopheiphabfhfjgkhfcgf\2.0_0\

CHR - Extension: Google Dictionary (by Google) = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\

CHR - Extension: Ghostery = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\

CHR - Extension: LastPass Vault = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf\2.0.21_0\

CHR - Extension: Special characters = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nipbfgjelgfmhomikiffppkdpmienjnp\2.3_0\

CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0\

CHR - Extension: Facebook Notifications = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo\1.27_0\

CHR - Extension: Google Wallet Service = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.8_0\

CHR - Extension: Personal Blocklist (by Google) = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\2.4.1_0\

CHR - Extension: Google Chrome to Phone Extension = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.2_0\

CHR - Extension: Auto-Translate = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgoiaeapddkeekbocomnjlckbbfapmk\2.1.1_1\

CHR - Extension: Last Tab Back = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijipkokfkhgojikimbbcafnbppebnhe\0.7.3.1_0\

CHR - Extension: Google Quick Scroll = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\2.1.2_1\

CHR - Extension: Stylist = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabfempgigicdjjlccdgnbmeggkbjdhd\2.1.0_0\

CHR - Extension: Gmail = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

CHR - Extension: Push to Kindle = C:\Users\EldARon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnaiinchjaonopoejhknmgjingcnaloc\1.0_0\

O1 HOSTS File: ([2012/07/26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar_x64.dll (LastPass)

O2:64bit: - BHO: (BrowserHelper Class) - {EDF48A39-1442-463F-9F4E-F376A78D034A} - C:\Program Files (x86)\Livedrive\ExplorerExtensions.dll (Livedrive Internet Ltd)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar_x64.dll (LastPass)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe (Greenshot)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKU\S-1-5-21-1280088361-2776238406-1351278418-1001..\Run: [bD2FF65D3BE608844A8EED6C1A178EDC8652C0F7._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKU\S-1-5-21-1280088361-2776238406-1351278418-1001..\Run: [GoogleChromeAutoLaunch_FA4699FBC1FF1DB539573EB2E5C92328] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

O4 - HKU\S-1-5-21-1280088361-2776238406-1351278418-1001..\Run: [Livedrive] C:\Program Files (x86)\Livedrive\Livedrive.exe (Livedrive Internet Ltd)

O4 - HKU\S-1-5-21-1280088361-2776238406-1351278418-1001..\Run: [spotify Web Helper] C:\Users\EldARon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)

O4 - HKU\S-1-5-21-1280088361-2776238406-1351278418-1001..\Run: [Viber] C:\Users\EldARon\AppData\Local\Viber\Viber.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar_x64.dll (LastPass)

O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar_x64.dll (LastPass)

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)

O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/NO/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.24.5 10.5.24.6

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}: DhcpNameServer = 10.5.24.5 10.5.24.6

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46973003-7D92-4660-B0AB-DFEE6FFBD47E}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D010641-DD0E-44D8-9350-B9D1870C47EE}: DhcpNameServer = 10.5.24.5 10.5.24.6

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF5C6AA-7EE0-4798-856A-C397A0CA821E}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2F516A6-CC98-41BD-B464-1B678C41366C}: DhcpNameServer = 77.234.40.79

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)

O21:64bit: - SSODL: EldosMountNotificator-cbfs4 - {436E8C88-D66A-4002-8F76-0EB4172069C8} - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O21 - SSODL: EldosMountNotificator-cbfs4 - {436E8C88-D66A-4002-8F76-0EB4172069C8} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22:64bit: - SharedTaskScheduler: {436E8C88-D66A-4002-8F76-0EB4172069C8} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)

O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)

O22 - SharedTaskScheduler: {436E8C88-D66A-4002-8F76-0EB4172069C8} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)

O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

O30 - LSA: Security Packages - (livessp) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4ca3551a-c6ea-11e2-be98-6c71d93b04ba}\Shell - "" = AutoRun

O33 - MountPoints2\{4ca3551a-c6ea-11e2-be98-6c71d93b04ba}\Shell\AutoRun\command - "" = "E:\Launcher.exe" 

O33 - MountPoints2\{72a6e64f-61b9-11e2-be71-6c71d93b04ba}\Shell - "" = AutoRun

O33 - MountPoints2\{72a6e64f-61b9-11e2-be71-6c71d93b04ba}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" 

O33 - MountPoints2\{72a6e7e5-61b9-11e2-be71-6c71d93b04ba}\Shell - "" = AutoRun

O33 - MountPoints2\{72a6e7e5-61b9-11e2-be71-6c71d93b04ba}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" 

O33 - MountPoints2\{f2f1c47e-df3a-11e2-bea7-50465d442297}\Shell - "" = AutoRun

O33 - MountPoints2\{f2f1c47e-df3a-11e2-bea7-50465d442297}\Shell\AutoRun\command - "" = "E:\HTC_Sync_Manager_PC.exe" 

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (sdnclean64.exe)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/08/18 17:34:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/08/18 16:53:42 | 000,000,000 | ---D | C] -- C:\Users\EldARon\Desktop\RK_Quarantine

[2013/08/18 15:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe

[2013/08/18 15:06:46 | 000,000,000 | ---D | C] -- C:\Users\EldARon\AppData\Local\VS Revo Group

[2013/08/18 15:06:43 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys

[2013/08/18 15:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group

[2013/08/18 15:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2013/08/18 15:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2013/08/17 20:49:27 | 000,000,000 | ---D | C] -- C:\Users\EldARon\AppData\Roaming\Malwarebytes

[2013/08/17 20:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/08/17 20:49:15 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/08/17 20:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/08/17 20:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/08/17 12:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/08/09 23:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livedrive

[2013/08/09 23:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Livedrive

[2013/08/09 19:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2013/08/09 19:31:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2013/08/09 19:31:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2013/08/08 23:51:26 | 000,000,000 | ---D | C] -- C:\Users\EldARon\AppData\Roaming\Mozilla

[2013/08/08 19:32:22 | 000,000,000 | ---D | C] -- C:\Users\EldARon\Documents

[2013/07/27 20:14:38 | 000,000,000 | ---D | C] -- C:\Users\EldARon\AppData\Roaming\Microsoft Corporation

[2013/07/27 20:02:01 | 015,604,224 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

[2013/07/27 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass

[2013/07/26 17:14:04 | 000,000,000 | ---D | C] -- C:\Users\EldARon\AppData\Local\File Renamer Basic

[2013/07/25 18:43:53 | 000,000,000 | ---D | C] -- C:\Users\EldARon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals

[2013/07/25 18:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskInternals

[2013/07/25 10:12:10 | 000,000,000 | ---D | C] -- C:\Users\EldARon\AppData\Local\QNAP

[2013/07/25 08:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP

[2013/07/25 08:22:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QNAP

[2013/07/19 19:08:11 | 000,000,000 | ---D | C] -- C:\Users\EldARon\AppData\Roaming\PPT2Video

[2013/07/19 19:04:34 | 000,000,000 | ---D | C] -- D:\Documents\Moyea

[2013/07/19 19:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Moyea

[2013/07/19 19:03:58 | 000,438,272 | ---- | C] (Gabest) -- C:\Windows\SysWow64\Mpeg2DecFilter.ax

[2013/07/19 19:03:58 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax

[2013/07/19 18:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

[2013/07/19 18:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2013/07/19 18:31:43 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2013/07/19 18:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2013/07/19 18:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services

[2013/07/19 18:29:09 | 000,000,000 | ---D | C] -- C:\Users\EldARon\AppData\Local\Microsoft Help

[2013/07/19 18:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2013/07/19 18:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help

[2013/07/19 18:29:03 | 000,000,000 | RH-D | C] -- C:\MSOCache

 

========== Files - Modified Within 30 Days ==========

 

[2013/08/18 17:47:15 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/08/18 17:47:09 | 000,000,416 | ---- | M] () -- C:\Users\EldARon\AppData\Roaming\sp_data.sys

[2013/08/18 17:46:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/08/18 17:35:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/08/18 17:34:04 | 000,103,100 | ---- | M] () -- C:\Users\EldARon\Desktop\Infection_ URL_Mal - Malware Removal Help - Malwarebytes Forum.pdf

[2013/08/18 16:51:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1280088361-2776238406-1351278418-1001UA.job

[2013/08/18 15:56:54 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/08/18 15:56:54 | 000,738,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/08/18 15:56:54 | 000,142,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/08/18 15:06:43 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2013/08/17 23:51:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1280088361-2776238406-1351278418-1001Core.job

[2013/08/17 20:49:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/08/17 10:41:30 | 015,604,224 | ---- | M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

[2013/08/17 10:41:30 | 000,002,116 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

[2013/08/17 10:41:24 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk

[2013/08/17 01:35:42 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/08/17 01:09:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/08/09 19:48:46 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/08/09 19:36:04 | 026,094,087 | ---- | M] () -- C:\Users\EldARon\Desktop\novicorp wintoflash 0.7.0057 beta.zip

[2013/07/25 19:50:44 | 000,000,600 | ---- | M] () -- C:\Users\EldARon\AppData\Local\PUTTY.RND

[2013/07/25 10:11:45 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Qfinder.lnk

[2013/07/19 18:58:33 | 000,293,090 | ---- | M] () -- D:\Documents\Presentasjon1.wmv

[2013/07/19 18:57:26 | 000,012,284 | ---- | M] () -- D:\Documents\Presentasjon1.gif

[2013/07/19 18:35:02 | 000,354,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2013/08/18 17:34:04 | 000,103,100 | ---- | C] () -- C:\Users\EldARon\Desktop\Infection_ URL_Mal - Malware Removal Help - Malwarebytes Forum.pdf

[2013/08/18 15:07:16 | 000,002,234 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk

[2013/08/18 15:06:43 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2013/08/17 20:49:16 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/08/17 10:41:24 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk

[2013/08/09 19:48:46 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2013/08/09 19:36:05 | 026,094,087 | ---- | C] () -- C:\Users\EldARon\Desktop\novicorp wintoflash 0.7.0057 beta.zip

[2013/07/27 20:02:04 | 000,002,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk

[2013/07/25 10:11:45 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Qfinder.lnk

[2013/07/19 18:58:33 | 000,293,090 | ---- | C] () -- D:\Documents\Presentasjon1.wmv

[2013/07/19 18:57:26 | 000,012,284 | ---- | C] () -- D:\Documents\Presentasjon1.gif

[2013/07/19 18:34:59 | 000,354,616 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/06/30 18:23:10 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI

[2013/06/27 19:38:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2013/05/09 15:17:04 | 000,000,600 | ---- | C] () -- C:\Users\EldARon\AppData\Local\PUTTY.RND

[2013/02/05 17:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2013/02/05 17:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2013/02/05 17:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2013/02/05 17:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2013/01/19 01:30:12 | 000,000,021 | ---- | C] () -- C:\Users\EldARon\AppData\Roaming\my_intel.sys

[2013/01/19 00:04:19 | 000,000,416 | ---- | C] () -- C:\Users\EldARon\AppData\Roaming\sp_data.sys

[2012/12/25 21:11:21 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll

[2012/12/04 08:12:17 | 000,004,362 | ---- | C] () -- C:\Windows\SysWow64\DptfInvalidPolicyRemover.ini

[2012/12/04 08:11:36 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin

[2012/12/04 08:11:04 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/12/04 08:11:00 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin

[2012/08/04 20:55:17 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe

[2012/08/04 20:55:17 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd

[2012/07/26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2012/07/26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2012/07/26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2012/07/26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2012/07/25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2012/07/25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012/07/25 22:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin

[2012/07/25 22:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin

[2012/06/02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2012/04/20 15:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

 

========== ZeroAccess Check ==========

 

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/03/06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/03/06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/06/27 19:31:40 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\Acronis

[2013/01/19 00:02:49 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\ASUS WebStorage

[2013/07/02 12:24:01 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\calibre

[2013/05/27 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\cspa

[2013/06/30 14:50:17 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\Dropbox

[2013/06/30 17:28:41 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\Greenshot

[2013/01/19 12:22:33 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\HTC

[2013/05/22 18:16:42 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\Obvious Idea

[2013/06/30 14:35:47 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\Opera

[2013/06/30 15:01:38 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\PeaZip

[2013/07/19 19:08:11 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\PPT2Video

[2013/06/30 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\Samsung

[2013/07/01 00:11:04 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\Spotify

[2013/05/06 20:58:27 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\TeamViewer

[2013/08/18 17:44:56 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\ViberPC

[2013/03/28 21:03:54 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\Wassapp

[2013/07/18 19:48:52 | 000,000,000 | ---D | M] -- C:\Users\EldARon\AppData\Roaming\Xibo

 

========== Purity Check ==========

 

 

 

< End of report >

OTL Extras logfile created on: 18/08/2013 17:46:40 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16660)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

11.89 Gb Total Physical Memory | 9.89 Gb Available Physical Memory | 83.23% Memory free

11.89 Gb Paging File | 9.66 Gb Available in Paging File | 81.23% Paging File free

Paging file location(s):  [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 53.97 Gb Total Space | 25.85 Gb Free Space | 47.90% Space Free | Partition Type: NTFS

Drive D: | 56.52 Gb Total Space | 35.33 Gb Free Space | 62.51% Space Free | Partition Type: NTFS

 

Computer Name: ELDARONBOOK | User Name: EldARon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1280088361-2776238406-1351278418-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PeaZip] -- Reg Error: Value error.

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PeaZip] -- Reg Error: Value error.

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{06157699-8F44-4C65-95C7-33A94FB90C5D}" = lport=137 | protocol=17 | dir=in | app=system | 

"{06760685-7CD2-40CE-8470-954B72344E50}" = rport=137 | protocol=17 | dir=out | app=system | 

"{22DFF464-E61E-468D-A36C-BCF98BA3030B}" = rport=139 | protocol=6 | dir=out | app=system | 

"{308C4917-49C8-4C9C-B27F-3E1B1DABB843}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{47AF8D89-754C-41D1-BC1A-4FBA31443481}" = rport=138 | protocol=17 | dir=out | app=system | 

"{48F212EC-8995-4E31-992E-7FC2B1075388}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{708A98E1-6A08-4C1B-860C-7FC23B156C33}" = lport=445 | protocol=6 | dir=in | app=system | 

"{725D59BB-781C-46D0-81BD-71E88F46B1C2}" = rport=445 | protocol=6 | dir=out | app=system | 

"{A82FA763-8184-49E7-9CBF-BB4BD075B138}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B917BBC7-35F2-4F4A-960B-4F1A63708A22}" = lport=138 | protocol=17 | dir=in | app=system | 

"{C68E4603-2C08-435A-8345-1FEB97EE5DA0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{DC088CD4-A449-4220-AA58-DAC075D2044D}" = lport=139 | protocol=6 | dir=in | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0368BD54-F3B2-4507-BA76-A14FB6C63EFB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{11D57377-A116-4ACA-BD9D-01327CCF8BB0}" = dir=in | name=windows phone | 

"{19A081BE-1D30-4CD9-B0B5-CBC1F9300F8E}" = dir=out | name=teamviewer touch | 

"{2F58A6F5-A8F9-4FF0-9F96-5FB366BCDB53}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 

"{31F3139F-114B-4F8B-A26B-28C208282FC3}" = dir=out | name=livedrive | 

"{374AD3F4-33BA-4DCA-8B3A-D8D2C69D8CFF}" = dir=out | name=netflix | 

"{3DBEC6DF-309B-4BAF-9B6D-6FF8F53232A0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 

"{41BF734E-87FB-4A20-B40A-361C7FB82256}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 

"{470F5B96-FD6C-455E-B244-74BFC3DF99B0}" = protocol=6 | dir=in | app=c:\users\eldaron\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{4F4A36B7-7DF2-4A8F-87FD-9F697689D6D1}" = protocol=17 | dir=in | app=c:\users\eldaron\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{5F301683-C300-408E-B278-89C7DC15035A}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{60E47246-3896-4474-A86C-F22CFC816A3D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 

"{6FA9A9D6-1917-4B88-9363-909F3F4E50BB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 

"{7758959B-3BF5-4990-B765-8765CFD9BF7C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 

"{786EBC5F-C7EC-4A53-B2DC-DCE72DA4422C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 

"{865A8851-EF0E-46BF-BE0E-C470C3360EED}" = dir=out | name=fresh paint | 

"{8C982AE2-F758-4E75-80FF-EE162092291A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 


"{9EA302FF-BD1B-43D8-992B-AD88D9007A8E}" = protocol=17 | dir=in | app=c:\users\eldaron\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 | 

"{A2FEA4CE-C93C-48BA-BC27-D843285ADC99}" = dir=out | name=microsoft solitaire collection | 

"{AAFD0C47-BABA-4FC3-A725-953546F71D28}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 

"{B2D0919C-816E-4694-965F-965CBDA44433}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{B5A7C80C-D551-42E7-B831-9729A753DFBA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 

"{B94E667F-5013-4957-B1F7-E95B638E8DF9}" = dir=out | name=google search | 

"{BE4E27F5-0376-40D6-AF43-8497F7CBDCC7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 

"{C108D6F0-4E72-40E3-AD8B-FB25C6426C6F}" = dir=out | name=windows phone | 

"{C92D68AE-7175-45B0-AD85-D9E27B6E3D2E}" = protocol=6 | dir=in | app=c:\users\eldaron\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{D97529D3-46EB-4CFF-A016-38F7D7094A7F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{DA800980-DF66-4AD3-A82F-79960C5BA56C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 


"{E6173018-0036-426C-92AA-6E635E0595E5}" = dir=out | name=boxcryptor | 


"{F59D361F-F149-4EF6-BC77-8F6D81C5892D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 

"{F90723BB-DAC3-4098-8936-1F65CA265A7F}" = dir=in | name=livedrive | 

"{FAD774CD-F3F5-40F4-AD49-F8AC426AF399}" = dir=out | name=adera | 

"{FB60E37B-8B1B-49AE-B6E6-D530C6AD5061}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 

"{FD3AF21A-B6F0-48EA-978D-C3CFAF39541A}" = dir=in | app=c:\users\eldaron\appdata\local\viber\viber.exe | 

"TCP Query User{87A78727-55EC-49F7-83AB-7805135BCF5F}C:\users\eldaron\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\eldaron\appdata\roaming\spotify\spotify.exe | 

"TCP Query User{B869A20F-7FFC-4E1E-91EF-A495DD246A9C}C:\program files (x86)\livedrive\livedrive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\livedrive\livedrive.exe | 

"TCP Query User{ED2B1DA6-A6EC-480F-85CD-DDEBA1275908}C:\program files (x86)\qnap\qfinder\qfinder.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qnap\qfinder\qfinder.exe | 

"UDP Query User{2BE651E4-50E5-4792-B4E3-4649E4D27CB1}C:\users\eldaron\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\eldaron\appdata\roaming\spotify\spotify.exe | 

"UDP Query User{7AAE80F0-8A78-455E-BF4B-E80508ECF1A9}C:\program files (x86)\livedrive\livedrive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\livedrive\livedrive.exe | 

"UDP Query User{BD9B3147-CC8E-4A55-B40A-2C79152AF88D}C:\program files (x86)\qnap\qfinder\qfinder.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qnap\qfinder\qfinder.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}" =  ASUS VivoBook

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{24F93B56-61F5-415F-85B9-AA444DA34AFC}" = Microsoft Mouse and Keyboard Center

"{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}" = ExpressCache

"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 5.0 (WIN64)

"{5C417B29-487D-4EED-81FF-2C0E11DA9B27}_is1" = Easy Photo Uploader 2.0.7.0

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A1C4F73-1FEE-4E43-A82F-BDB24E004096}" = calibre 64bit

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0414-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Norwegian (Bokmål)) 2010

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)

"{AB1D35FC-31E0-4872-8466-12BDF42F513D}" = Livedrive

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client

"5AB9160B769DD2E134ADCB8010377DECA2479378" = Windows Driver Package - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153)

"CCleaner" = CCleaner

"Greenshot_is1" = Greenshot 1.1.5.2643

"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR

"{15CC861C-C69E-3758-8961-CE304C2595B6}" = Google Talk Plugin

"{165EC3CE-C186-4DB4-BBCA-3A36A10C89BC}" = Xibo Player

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program

"{283F4A26-330A-426F-BFCB-7A92FD93ED71}" = Boxcryptor Classic 1.6

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{387AA3E2-B9FE-4DA1-A097-A0D2213E8794}" = ASUS S Series Product Demo

"{4592BAE7-B99A-47A5-9B6B-3BC236B9D3E9}" = Alcor Micro USB Card Reader

"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn

"{74AA24E0-AC50-4B28-BA46-9CF05467C9B7}" = Google Cloud Printer

"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect

"{90140000-0015-0414-0000-0000000FF1CE}" = Microsoft Office Access MUI (Norwegian (Bokmål)) 2010

"{90140000-0015-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0414-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Norwegian (Bokmål)) 2010

"{90140000-0016-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0414-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2010

"{90140000-0018-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0414-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Norwegian (Bokmål)) 2010

"{90140000-0019-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0414-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Norwegian (Bokmål)) 2010

"{90140000-001A-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0414-0000-0000000FF1CE}" = Microsoft Office Word MUI (Norwegian (Bokmål)) 2010

"{90140000-001B-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0414-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010

"{90140000-001F-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{F3137115-1D72-46BE-9D42-B5DE61971F2A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0814-0000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010

"{90140000-001F-0814-0000-0000000FF1CE}_Office14.PROPLUSR_{751049E8-D99F-4DE1-9FC2-71DE06655678}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0414-1000-0000000FF1CE}_Office14.PROPLUSR_{BBFE07A3-B32C-4D6E-B5CA-9F420106EC9D}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0414-0000-0000000FF1CE}" = Microsoft Office Proofing (Norwegian (Bokmål)) 2010

"{90140000-002C-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{66FC3637-893A-4837-A32C-0DD98E7F8444}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0414-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Norwegian (Bokmål)) 2010

"{90140000-0044-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0414-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Norwegian (Bokmål)) 2010

"{90140000-006E-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{C166254D-5FB6-4D3F-8509-3575387141B9}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0414-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2010

"{90140000-00A1-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0414-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Norwegian (Bokmål)) 2010

"{90140000-00BA-0414-0000-0000000FF1CE}_Office14.PROPLUSR_{709415CB-DE43-4F15-96F5-148545F8EDE5}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A781940-AC41-4D5E-8E1E-76A04B916FB9}" = Helium

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI

"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package

"3D073343-CEEB-4ce7-85AC-A69A7631B5D6" = Intel® Rapid Start Technology

"Adobe AIR" = Adobe AIR

"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0

"AmUStor" = Alcor Micro USB Card Reader

"avast" = avast! Pro Antivirus

"FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C" = Intel® Dynamic Platform and Thermal Framework

"Google Chrome" = Google Chrome

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"LastPass" = LastPass (uninstall only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"QNAP_FINDER" = QNAP Qfinder

"Secunia PSI" = Secunia PSI (3.0.0.7009)

"SendToKindle" = Amazon Send to Kindle

"TeamViewer 8" = TeamViewer 8

"VLC media player" = VLC media player 2.0.8

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1280088361-2776238406-1351278418-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"MyFreeCodec" = MyFreeCodec

"Spotify" = Spotify

"Viber" = Viber

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 18/08/2013 11:44:57 | Computer Name = EldARonBook | Source = PerfOS | ID = 2011

Description = 

 

Error - 18/08/2013 11:45:00 | Computer Name = EldARonBook | Source = VSS | ID = 8194

Description = 

 

Error - 18/08/2013 11:45:13 | Computer Name = EldARonBook | Source = VSS | ID = 8194

Description = 

 

Error - 18/08/2013 11:47:00 | Computer Name = EldARonBook | Source = PerfOS | ID = 2011

Description = 

 

Error - 18/08/2013 11:47:00 | Computer Name = EldARonBook | Source = PerfOS | ID = 2011

Description = 

 

[ System Events ]

Error - 18/08/2013 11:44:01 | Computer Name = EldARonBook | Source = Microsoft-Windows-Kernel-General | ID = 6

Description = 

 

Error - 18/08/2013 11:44:01 | Computer Name = EldARonBook | Source = volmgr | ID = 262190

Description = Crash dump initialization failed!

 

 

< End of report >
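The "Vista Active Application Exception List" section of the OTL log above records every Windows Firewall rule as a GUID (or a "TCP/UDP Query User{...}" name for rules created when the user clicked Allow on the firewall pop-up) followed by direction, protocol and program path. As an added example, not part of this thread or of OTL, the Python below parses lines in that format and lists the inbound rules whose program lives in a user-writable location (a user profile, AppData or Temp). The sample lines are constructed from entries in the log above; the output is a review aid rather than a verdict, since Spotify, Viber and the Google Talk plugin legitimately install under AppData.

```python
r"""Triage helper for the 'Vista Active Application Exception List' section of an OTL log.

Added example, not part of the thread or of OTL. Each rule line looks like
  "{GUID}" = protocol=6 | dir=in | app=c:\...\prog.exe |
Rules named "TCP Query User{GUID}<path>" or "UDP Query User{GUID}<path>" are the
ones Windows Firewall creates when a user answers the 'Allow access?' pop-up.
"""
from typing import Dict, List, Optional, Tuple

# Constructed sample: six rule lines in the same format as the log above.
SAMPLE_RULES = r'''
"{DC088CD4-A449-4220-AA58-DAC075D2044D}" = lport=139 | protocol=6 | dir=in | app=system |
"{374AD3F4-33BA-4DCA-8B3A-D8D2C69D8CFF}" = dir=out | name=netflix |
"{470F5B96-FD6C-455E-B244-74BFC3DF99B0}" = protocol=6 | dir=in | app=c:\users\eldaron\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{60E47246-3896-4474-A86C-F22CFC816A3D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{FD3AF21A-B6F0-48EA-978D-C3CFAF39541A}" = dir=in | app=c:\users\eldaron\appdata\local\viber\viber.exe |
"TCP Query User{87A78727-55EC-49F7-83AB-7805135BCF5F}C:\users\eldaron\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\eldaron\appdata\roaming\spotify\spotify.exe |
'''

# IANA protocol numbers as they appear in the log.
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Locations a standard user can write to. An inbound allow rule for a binary here
# is worth a look, not a verdict: Spotify, Viber and Google Talk live there legitimately.
USER_WRITABLE_MARKERS = ("c:\\users\\", "\\appdata\\", "\\temp\\")


def parse_rule(line: str) -> Optional[Dict[str, str]]:
    """Turn one rule line into a dict; the rule's own name is stored under 'rule'."""
    line = line.strip()
    if " = " not in line:
        return None
    rule_name, _, rest = line.partition(" = ")
    fields = {"rule": rule_name.strip('"')}
    for part in rest.split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:  # skips the empty trailer after the last '|'
            fields[key.strip().lower()] = value.strip().lower()
    return fields


def parse_rules(text: str) -> List[Dict[str, str]]:
    """Parse every non-empty rule line in a block of log text."""
    return [r for r in (parse_rule(ln) for ln in text.splitlines()) if r]


def is_user_writable(path: str) -> bool:
    """True if the program path is inside a profile, AppData or Temp directory."""
    path = path.lower()
    return path.startswith(USER_WRITABLE_MARKERS[0]) or any(
        marker in path for marker in USER_WRITABLE_MARKERS[1:]
    )


def inbound_from_user_paths(rules: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(rule name, protocol label, program path) for each inbound rule whose program
    lives in a user-writable location. A rule with no protocol field matches any protocol."""
    hits = []
    for r in rules:
        app = r.get("app", "")
        if r.get("dir") == "in" and app and is_user_writable(app):
            hits.append((r["rule"], PROTOCOLS.get(r.get("protocol", ""), "any"), app))
    return hits


def user_prompted_rules(rules: List[Dict[str, str]]) -> List[str]:
    """Names of rules created by the user clicking Allow on the firewall prompt."""
    return [r["rule"] for r in rules if "Query User{" in r["rule"]]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for rule, proto, app in inbound_from_user_paths(parsed):
        print(f"{proto:6} {app}  <- {rule}")
    print("user-prompted rules:", user_prompted_rules(parsed))
```

Run against a full OTL log, paste the whole exception-list section into the `SAMPLE_RULES` slot (or read it from a file). Inbound rules are singled out because an outbound rule only lets a program talk out, while an inbound allow exposes a listener; the "Query User" names show which of those were approved by a click on the pop-up rather than set by an installer.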

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands

    [emptytemp]

    [clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Ran the code:

All processes killed
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: EldARon
->Temp folder emptied: 7052472 bytes
->Temporary Internet Files folder emptied: 5808380 bytes
->Google Chrome cache emptied: 58332216 bytes
->Flash cache emptied: 57993 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 213784 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 20101902 bytes
RecycleBin emptied: 46320865 bytes
 
Total Files Cleaned = 132.00 mb
 
Unable to start System Restore Service. Error code 1726
 
OTL by OldTimer - Version 3.2.69.0 log created on 08182013_185208
 
Files\Folders moved on Reboot...
C:\Users\EldARon\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\AsTouchPanel\AsPatchTouchPanel64.exe moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
For your information, the folder was created on D:\

I did a reverse lookup and found all the other domains on the same IP: 65 other domains. Started to check them with unmaskparasites.com and wepawet.iseclab.org. And got a hit: soma.no has a link to the following file in its code that is suspicious: http://use.typekit.com/pod4ngl.js

That might be the culprit, with Avast blocking the IP and not just the domain.


Three other sites also got the suspicious warning:

 
I don't know enough about this to know if any of the suspicious links/scripts can be harmful, but I will report them to my webhost.
 
This wasn't useless. We did find some "stuff" on my PC and hopefully it will be good now. 

Hello

 

Yes, and now everything looks ok. Avast stopped blocking my site this morning. Thanks for all your help. I might start a new topic on another computer at my parents'. I'm suspecting that they have something on their PC too.

 

I have also recommended you guys to some friends! <thumbs up>


  • Root Admin

Okay then I'll go ahead and close this topic and leave you with a little clean up advice.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.


Remove the rest of the tools used:



Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

AdwCleaner Removal:


  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:


  • This tool can be uninstalled via the Control Panel, Programs, Uninstall

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disabling Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

Please read the following articles which will help you to better understand how the computer may have become infected as well as how to help prevent future infections. Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 

 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.