Infected with Desktop\pooler-cpuminer-2.3.2-win64\minerd.exe (Trojan.BitMiner)

robbersmiet · December 1, 2013

Hi,

2 days ago I downloaded a miner from a bitcoin forum. Everything was ok untill today! Microsoft security essentials says it blocked: exploit:java/CVE-2013-1493

Malwarebytes log says this: Desktop\pooler-cpuminer-2.3.2-win64\minerd.exe (Trojan.BitMiner)

I already browsed your forum and ran a lot of anti virus stuff but I think i'm still infected so I need some more help.

Im now scanning again with microsoft security essentials and it seems way slower than before. I have a really fast computer with a SSD and good processor etc.

Everything seems to be off somehow.

Here a report from avast online scanner:

C:\Users\Rob\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application

C:\Users\Rob\Downloads\cbsidlm-cbsi134-RAR_File_Open_Knife__Free_Opener-ORG-10971016.exe a variant of Win32/CNETInstaller.B application

C:\Users\Rob\Downloads\peazip-5.0.1.WINDOWS.exe Win32/OpenCandy application

C:\Users\Rob\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe a variant of Win32/Bundled.Toolbar.Ask.D application

robbersmiet · December 1, 2013

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2

Run by Robin at 1:53:31 on 2013-12-01

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.8169.5763 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Microsoft Security Client\MpCmdRun.exe

C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [Google Update] "C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [AdobeBridge] <no file>

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.2.254 195.121.1.34 195.121.1.66

TCP: Interfaces\{E8DB822A-E67E-4BEA-B88F-E0AD926994CF} : DHCPNameServer = 192.168.2.254 195.121.1.34 195.121.1.66

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\v43143rc.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Users\Robin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]

R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-10-6 73296]

R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [2013-12-1 62168]

R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-9-8 46792]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 701512]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-8-26 904248]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]

R3 busenum;SteelBusSvc;C:\Windows\System32\drivers\SteelBus64.sys [2012-1-20 106496]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-9 25928]

R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 SAlphamHid;SteelHIDSvc;C:\Windows\System32\drivers\SAlpham64.sys [2012-1-20 34944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]

S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-7-15 49152]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]

S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-4-25 57856]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]

S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2012-10-11 44928]

S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2012-10-11 29696]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-24 19456]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-3-3 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-3-3 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-3-3 177640]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-15 40712]

S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2010-8-3 30720]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-24 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-24 30208]

S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-29 1255736]

S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

.

=============== Created Last 30 ================

.

2013-12-01 00:27:11 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B530C07-68EB-45B5-A314-54B0E53FCE99}\offreg.dll

2013-12-01 00:20:48 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B530C07-68EB-45B5-A314-54B0E53FCE99}\mpengine.dll

2013-11-30 23:38:30 -------- d-----w- C:\Users\Robin\AppData\Roaming\Foxit Software

2013-11-30 23:38:30 -------- d-----w- C:\Program Files (x86)\Foxit Software

2013-11-30 23:30:24 743248 ----a-w- C:\Windows\SysWow64\msvcp100d.dll

2013-11-30 23:30:24 1858896 ----a-w- C:\Windows\System32\msvcr100d.dll

2013-11-30 23:30:24 1498960 ----a-w- C:\Windows\SysWow64\msvcr100d.dll

2013-11-30 23:30:24 1014096 ----a-w- C:\Windows\System32\msvcp100d.dll

2013-11-30 23:30:24 -------- d-----w- C:\Program Files\Malwarebytes Anti-Exploit

2013-11-30 23:20:18 -------- d-----w- C:\Program Files (x86)\ESET

2013-11-30 23:09:33 -------- d-----w- C:\AdwCleaner

2013-11-30 23:04:42 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-30 23:03:35 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2013-11-30 22:30:44 -------- d-----w- C:\Windows\Migration

2013-11-30 22:29:38 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-11-30 22:29:38 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2013-11-30 22:29:38 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-11-30 22:29:38 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-11-30 22:29:38 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-11-30 22:29:38 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-11-30 22:29:38 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-11-30 22:26:21 -------- d-----w- C:\ProgramData\Oracle

2013-11-30 22:26:14 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-30 22:23:03 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-11-27 21:37:06 -------- d-----w- C:\Program Files (x86)\Bitcoin

2013-11-27 21:24:11 -------- d-----w- C:\Users\Robin\AppData\Roaming\Quarkcoin

2013-11-27 14:37:25 -------- d-----w- C:\Program Files (x86)\Litecoin

2013-11-20 22:08:50 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2013-11-20 22:08:08 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2013-11-20 22:07:57 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-11-20 22:07:53 -------- d-----w- C:\Users\Robin\AppData\Local\Microsoft Help

2013-11-20 22:01:03 -------- d-----w- C:\Users\Robin\AppData\Roaming\PowerISO

2013-11-20 21:05:42 -------- d-----w- C:\Users\Robin\AppData\Roaming\OpenOffice

2013-11-13 13:19:24 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-11-06 13:19:03 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DBA37E6-7D56-4E04-A179-B32AB9FABF69}\gapaengine.dll

.

==================== Find3M ====================

.

2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll

2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll

2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-10-10 13:03:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-10 13:03:24 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-10-10 13:03:03 17813896 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-27 08:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-09-27 08:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe

2013-09-23 23:58:08 225 ----a-w- C:\Users\Robin\AppData\Roaming\VideoGrid.bin

2013-09-23 23:52:28 12 ----a-w- C:\Users\Robin\AppData\Roaming\KeywordGrid.bin

2013-09-11 20:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll

2013-09-11 20:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll

2013-09-11 20:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll

2013-09-11 20:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll

2013-09-11 18:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll

2013-09-11 18:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll

2013-09-11 18:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll

2013-09-11 18:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll

2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll

2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

2013-09-07 03:19:27 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2013-09-07 03:19:27 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2013-09-07 03:16:08 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2013-09-07 02:43:42 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

.

============= FINISH: 1:53:40,03 ===============

robbersmiet · December 1, 2013

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1-1-2005 22:39:09

System Uptime: 1-12-2013 0:47:47 (1 hours ago)

.

Motherboard: ASUSTeK COMPUTER INC. | | P8P67

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 477 GiB total, 337,238 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: ASUS Bluetooth

Device ID: USB\VID_0B05&PID_179C\6&F57D961&0&7

Manufacturer: Atheros Communications

Name: ASUS Bluetooth

PNP Device ID: USB\VID_0B05&PID_179C\6&F57D961&0&7

Service: BTHUSB

.

==== System Restore Points ===================

.

RP281: 20-11-2013 22:04:45 - OpenOffice 4.0.1 is geïnstalleerd

RP282: 20-11-2013 23:06:22 - OpenOffice 4.0.1 is verwijderd

RP283: 20-11-2013 23:07:39 - Installed Microsoft Office Professional Plus 2010

RP284: 21-11-2013 19:26:48 - Windows Update

RP285: 24-11-2013 20:33:47 - Windows Update

RP286: 28-11-2013 16:33:42 - Windows Update

RP287: 30-11-2013 23:25:43 - Installed Java 7 Update 45

RP288: 30-11-2013 23:29:42 - Windows Update

RP289: 1-12-2013 0:14:40 - Removed KeywordXP

RP290: 1-12-2013 0:35:17 - Removed Adobe Reader X (10.1.0) - Nederlands.

.

==== Installed Programs ======================

.

abgx360 v1.0.6

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Photoshop CS6

Adobe Stock Photos 1.0

AMD Accelerated Video Transcoding

AMD APP CPU SDK Runtime

AMD APP SDK Developer

AMD APP SDK Runtime

AMD APP SDK Samples

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

Bitcoin

Bluetooth Win7 Suite (64)

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CloudReading

Compatibility Pack for the 2007 Office system

Core Temp 1.0 RC3

CPUID CPU-Z 1.62

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

FileZilla Client 3.7.3

Foxit Reader

Google Chrome

Java 7 Update 45

Java Auto Updater

Junk Mail filter update

League of Legends

Litecoin

Malwarebytes Anti-Exploit version 0.09.4.2000

Malwarebytes Anti-Malware versie 1.75.0.1300

Microsoft .NET Framework 4.5 NLD Language Pack

Microsoft .NET Framework 4.5.1

Microsoft Antimalware Service NL-NL Language Pack

Microsoft Application Error Reporting

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Office Word Viewer 2003

Microsoft Security Client

Microsoft Security Client NL-NL Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Movie Maker

Mozilla Firefox 23.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

Notepad++

PDF Settings CS6

Photo Common

Photo Gallery

PunkBuster Services

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Skype™ 6.11

Spotify

SteelSeries Engine

Taalpakket voor Microsoft .NET Framework 4.5 - NLD

TechPowerUp GPU-Z

tools-windows

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Vegas Pro 12.0 (64-bit)

VLC media player 2.0.3

VMware Player

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Movie Maker 2.6

WinRAR 4.20 (64-bit)

.

==== End Of File ===========================

robbersmiet · December 1, 2013

RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Gestart vanuit : Normale modus

Gebruiker : Robin [Administrator rechten]

Modus : Scan -- Datum : 12/01/2013 02:04:17

| ARK || FAK || MBR |

¤¤¤ Kwaadaardige processen : 0 ¤¤¤

¤¤¤ Register verwijzingen : 4 ¤¤¤

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden

[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

¤¤¤ geplande taken : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ webbrowsers : 0 ¤¤¤

¤¤¤ Speciale Files / Folders: ¤¤¤

¤¤¤ Driver : [Niet geladen 0x0] ¤¤¤

¤¤¤ Externe Hives: ¤¤¤

¤¤¤ Infectie : ¤¤¤

¤¤¤ HOSTS Bestand: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Controle: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG SSD PM830 2.5" 7mm 512GB ATA Device +++++

--- User ---

[MBR] a7a6cf8a85fcd6aca75a1a6ef53ebc52

[bSP] e75a0a6e58818001c1a3febf5eab3180 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 488284 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Gereed : << RKreport[0]_S_12012013_020417.txt >>

robbersmiet · December 1, 2013

Results of screen317's Security Check version 0.99.77

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Java 7 Update 45

Adobe Flash Player 11.9.900.117

Mozilla Firefox 23.0.1 Firefox out of Date!

Google Chrome 30.0.1599.101

Google Chrome 31.0.1650.57

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes Anti-Malware mbam.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Malwarebytes Anti-Exploit mbae.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 40% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

robbersmiet · December 1, 2013

Can somebody help please?

robbersmiet · December 1, 2013

Somebody can help?>

robbersmiet · December 2, 2013

162 views and nobody can help me?

kevinf80 · December 2, 2013

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Let me see all logs....

robbersmiet · December 4, 2013

# AdwCleaner v3.014 - Report created 04/12/2013 at 19:56:40

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Robin - ROBIN-PC

# Running from : C:\Users\Robin\Desktop\AdwCleaner (1).exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\v43143rc.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [5041 octets] - [01/12/2013 00:09:46]

AdwCleaner[R1].txt - [1031 octets] - [04/12/2013 19:56:40]

AdwCleaner[s0].txt - [4619 octets] - [01/12/2013 00:11:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1151 octets] ##########

robbersmiet · December 4, 2013

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-12-2013

Ran by Robin (administrator) on ROBIN-PC on 04-12-2013 20:01:03

Running from C:\Users\Robin\Desktop

Windows 7 Professional Service Pack 1 (X64) OS Language: Dutch Standard

Internet Explorer Version 11

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Spotify Ltd) C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKCU\...\Run: [Google Update] - C:\Users\Robin\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-29] (Google Inc.)

HKCU\...\Run: [AdobeBridge] - [x]

HKCU\...\Run: [spotify Web Helper] - C:\Users\Robin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-18] (Spotify Ltd)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.search.us.com/v/2/?guid={575E320B-998E-435A-9FA8-084D440902A8}&serpv=5

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDFD7DE00F241CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.search.us.com/v/2/?guid={575E320B-998E-435A-9FA8-084D440902A8}&serpv=5

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {546B19ED-BF15-4CE9-8209-4227DD09CEF1} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10571

SearchScopes: HKCU - {CD986190-E99C-46F8-ADFE-6B30835853B7} URL = http://search.us.com/serp?guid={575E320B-998E-435A-9FA8-084D440902A8}&action=default_search&serpv=5&k={searchTerms}

SearchScopes: HKCU - {CDBB5100-B377-41B3-BCC8-49E8CE4F8A41} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10571

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {87775FDB-6972-41F9-AE51-8326E38CB206} - No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: 127.0.0.1 localhost

Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 195.121.1.34 195.121.1.66

FireFox:

========

FF ProfilePath: C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\v43143rc.default

FF NewTab: user_pref("browser.newtab.url", "");

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()

FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Robin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Robin\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Extension: DownloadHelper - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\v43143rc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF Extension: SkipScreen - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\v43143rc.default\Extensions\SkipScreen@SkipScreen.xpi

FF Extension: flashgot - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\v43143rc.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi

FF Extension: Adblock Plus - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\v43143rc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF Extension: greasemonkey - C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\v43143rc.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com

Chrome:

=======

CHR Plugin: (Shockwave Flash) - C:\Users\Robin\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Robin\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Robin\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File

CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

CHR Plugin: (Google Update) - C:\Users\Robin\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File

CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File

CHR Extension: (Google Drive) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

CHR Extension: (YouTube) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

CHR Extension: (Google Search) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

CHR Extension: (AdBlock) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0

CHR Extension: (SparkChess 6) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.4.5.1_0

CHR Extension: (Ghostery) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0

CHR Extension: (Google Wallet) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Auto Refresh Plus) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih\1.8.9.22_0

CHR Extension: (Gmail) - C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [bjninacglmmmbabmlkaegnanopeoiong] - C:\Users\Robin\AppData\Local\CRE\bjninacglmmmbabmlkaegnanopeoiong.crx

CHR StartMenuInternet: Google Chrome - C:\Users\Robin\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-08] (Adobe Systems)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-15] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-09-07] ()

==================== Drivers (Whitelisted) ====================

R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2013-10-23] ()

R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-08-13] (AnchorFree Inc.)

S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [29696 2012-10-11] (ManyCam LLC)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R3 SAlphamHid; C:\Windows\System32\DRIVERS\SAlpham64.sys [34944 2012-01-20] (SteelSeries Corporation)

S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-15] (Anchorfree Inc.)

S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)

R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-08-15] (VMware, Inc.)

S3 ALSysIO; \??\C:\Users\Robin\AppData\Local\Temp\ALSysIO64.sys [x]

S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-04 20:01 - 2013-12-04 20:12 - 00013972 _____ C:\Users\Robin\Desktop\FRST.txt

2013-12-04 20:00 - 2013-12-04 20:00 - 01959766 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe

2013-12-04 20:00 - 2013-12-04 20:00 - 01959766 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe

2013-12-04 20:00 - 2013-12-04 20:00 - 00000000 ____D C:\FRST

2013-12-04 19:56 - 2013-12-04 19:56 - 01110034 _____ C:\Users\Robin\Downloads\AdwCleaner (1).exe

2013-12-04 19:56 - 2013-12-04 19:56 - 01110034 _____ C:\Users\Robin\Desktop\AdwCleaner (1).exe

2013-12-01 21:19 - 2013-12-01 21:19 - 00000554 _____ C:\Users\Robin\Desktop\Check123.html.txt

2013-12-01 02:22 - 2013-12-01 02:22 - 00201728 _____ (OldTimer Tools) C:\Users\Robin\Desktop\OTC.exe

2013-12-01 02:21 - 2013-12-01 02:22 - 00201728 _____ (OldTimer Tools) C:\Users\Robin\Downloads\OTC.exe

2013-12-01 02:14 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2013-12-01 02:12 - 2013-12-01 02:14 - 00009768 _____ C:\Windows\IE11_main.log

2013-12-01 02:12 - 2013-12-01 02:12 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-12-01 02:12 - 2013-12-01 02:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-12-01 02:12 - 2013-12-01 02:12 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-12-01 02:12 - 2013-12-01 02:12 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-12-01 02:12 - 2013-12-01 02:12 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00891200 _____ C:\Users\Robin\Downloads\SecurityCheck.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2013-12-01 02:12 - 2013-12-01 02:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2013-12-01 02:12 - 2013-12-01 02:12 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-12-01 02:12 - 2013-12-01 02:12 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2013-12-01 02:12 - 2013-12-01 02:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2013-12-01 02:12 - 2013-12-01 02:12 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2013-12-01 02:12 - 2013-12-01 02:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2013-12-01 02:12 - 2013-12-01 02:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2013-12-01 02:12 - 2013-12-01 02:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2013-12-01 02:04 - 2013-12-01 02:04 - 00001802 _____ C:\Users\Robin\Desktop\RKreport[0]_S_12012013_020417.txt

2013-12-01 02:02 - 2013-12-01 02:04 - 00000000 ____D C:\Users\Robin\Desktop\RK_Quarantine

2013-12-01 02:00 - 2013-12-01 02:00 - 04172288 _____ C:\Users\Robin\Downloads\RogueKillerX64 (3).exe

2013-12-01 01:53 - 2013-12-01 01:53 - 00021254 _____ C:\Users\Robin\Desktop\dds.txt

2013-12-01 01:53 - 2013-12-01 01:53 - 00006256 _____ C:\Users\Robin\Desktop\attach.txt

2013-12-01 01:44 - 2013-12-01 01:44 - 00688992 _____ (Swearware) C:\Users\Robin\Downloads\dds.scr

2013-12-01 01:16 - 2013-12-01 01:16 - 00000426 _____ C:\Users\Robin\Desktop\infected.txt

2013-12-01 00:50 - 2013-12-01 00:50 - 02347384 _____ (ESET) C:\Users\Robin\Downloads\esetsmartinstaller_enu (2).exe

2013-12-01 00:49 - 2013-12-01 00:49 - 02347384 _____ (ESET) C:\Users\Robin\Downloads\esetsmartinstaller_enu (1).exe

2013-12-01 00:47 - 2013-12-04 19:54 - 00000504 _____ C:\Windows\setupact.log

2013-12-01 00:47 - 2013-12-01 00:47 - 954059044 _____ C:\Windows\MEMORY.DMP

2013-12-01 00:47 - 2013-12-01 00:47 - 00276640 _____ C:\Windows\Minidump\120113-7051-01.dmp

2013-12-01 00:47 - 2013-12-01 00:47 - 00001694 _____ C:\Windows\PFRO.log

2013-12-01 00:47 - 2013-12-01 00:47 - 00000000 ____D C:\Windows\Minidump

2013-12-01 00:47 - 2013-12-01 00:47 - 00000000 _____ C:\Windows\setuperr.log

2013-12-01 00:40 - 2013-12-01 00:41 - 00000000 ____D C:\Users\Robin\Desktop\Javara

2013-12-01 00:40 - 2013-12-01 00:40 - 00160350 _____ C:\Users\Robin\Downloads\JavaRa.zip

2013-12-01 00:38 - 2013-12-01 00:38 - 00002050 _____ C:\Users\Public\Desktop\Foxit Reader.lnk

2013-12-01 00:38 - 2013-12-01 00:38 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Foxit Software

2013-12-01 00:38 - 2013-12-01 00:38 - 00000000 ____D C:\Program Files (x86)\Foxit Software

2013-12-01 00:35 - 2013-12-01 00:36 - 34168832 _____ (Foxit Corporation ) C:\Users\Robin\Downloads\FoxitReader611.1031_enu_Setup.exe

2013-12-01 00:30 - 2013-12-04 19:54 - 00002998 _____ C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit

2013-12-01 00:30 - 2013-12-04 19:54 - 00000508 _____ C:\Windows\Tasks\Malwarebytes Anti-Exploit.job

2013-12-01 00:30 - 2013-12-01 00:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit

2013-12-01 00:30 - 2013-07-16 04:41 - 01858896 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll

2013-12-01 00:30 - 2013-07-16 04:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100d.dll

2013-12-01 00:30 - 2013-07-16 04:41 - 01014096 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll

2013-12-01 00:30 - 2013-07-16 04:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100d.dll

2013-12-01 00:29 - 2013-12-01 00:29 - 01793648 _____ (Malwarebytes ) C:\Users\Robin\Downloads\mbae-setup-0.09.4.2000.exe

2013-12-01 00:20 - 2013-12-01 00:20 - 02347384 _____ (ESET) C:\Users\Robin\Downloads\esetsmartinstaller_enu.exe

2013-12-01 00:09 - 2013-12-04 19:57 - 00000000 ____D C:\AdwCleaner

2013-12-01 00:09 - 2013-12-01 00:09 - 01091882 _____ C:\Users\Robin\Downloads\adwcleaner.exe

2013-12-01 00:04 - 2013-12-01 00:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-12-01 00:03 - 2013-12-01 00:03 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Robin\Downloads\mbar-1.07.0.1007.exe

2013-12-01 00:03 - 2013-12-01 00:03 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-11-30 23:57 - 2013-11-30 23:57 - 04172288 _____ C:\Users\Robin\Downloads\RogueKillerX64 (2).exe

2013-11-30 23:40 - 2013-11-30 23:40 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Oracle

2013-11-30 23:29 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-11-30 23:29 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-11-30 23:29 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-11-30 23:29 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-11-30 23:29 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-11-30 23:29 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2013-11-30 23:29 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-11-30 23:26 - 2013-11-30 23:26 - 00915368 _____ (Oracle Corporation) C:\Users\Robin\Downloads\chromeinstall-7u45 (1).exe

2013-11-30 23:26 - 2013-11-30 23:26 - 00000000 ____D C:\ProgramData\Oracle

2013-11-30 23:26 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-11-30 23:26 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-11-30 23:26 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-11-30 23:26 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-11-30 23:25 - 2013-11-30 23:26 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log

2013-11-30 23:25 - 2013-11-30 23:25 - 00915368 _____ (Oracle Corporation) C:\Users\Robin\Downloads\chromeinstall-7u45.exe

2013-11-30 22:49 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-30 22:49 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-30 22:49 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-30 22:49 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-30 22:49 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-30 22:49 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-30 22:49 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-11-30 22:49 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll

2013-11-30 22:49 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll

2013-11-30 22:49 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-11-30 22:49 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-11-30 22:49 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2013-11-30 22:49 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-11-30 22:49 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2013-11-30 22:49 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-11-30 22:49 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-11-30 22:49 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-11-30 22:49 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2013-11-30 22:49 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-11-30 22:49 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2013-11-30 22:49 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-11-30 22:49 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-11-30 22:49 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-11-30 22:49 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-11-30 22:49 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

2013-11-30 22:49 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll

2013-11-30 22:49 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll

2013-11-30 22:49 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll

2013-11-30 22:49 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

2013-11-30 22:49 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys

2013-11-30 19:30 - 2013-11-30 22:02 - 00000000 ____D C:\Users\Robin\Desktop\Quark

2013-11-30 00:22 - 2013-11-30 00:22 - 12819132 _____ C:\Users\Robin\Downloads\quarkcoin083r3win (3).zip

2013-11-30 00:22 - 2013-11-30 00:22 - 12819132 _____ C:\Users\Robin\Downloads\quarkcoin083r3win (2).zip

2013-11-28 21:05 - 2013-11-28 21:05 - 16062993 _____ C:\Users\Robin\Downloads\bitcoin-0.8.5-win32.zip

2013-11-28 20:59 - 2013-11-28 21:00 - 12819132 _____ C:\Users\Robin\Downloads\quarkcoin083r3win (1).zip

2013-11-28 16:52 - 2013-11-28 16:52 - 00209412 _____ C:\Users\Robin\Downloads\quarkcoin-cpuminer-master.zip

2013-11-28 16:45 - 2013-11-28 16:45 - 00529559 _____ C:\Users\Robin\Downloads\cpuminer-quark2.zip

2013-11-27 23:10 - 2013-11-28 03:09 - 00000072 _____ C:\Users\Robin\Desktop\Cryptsy.com.txt

2013-11-27 22:37 - 2013-11-27 22:37 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin

2013-11-27 22:37 - 2013-11-27 22:37 - 00000000 ____D C:\Program Files (x86)\Bitcoin

2013-11-27 22:36 - 2013-11-27 22:36 - 11678760 _____ (Bitcoin project) C:\Users\Robin\Downloads\bitcoin-0.8.5-win32-setup.exe

2013-11-27 22:24 - 2013-12-02 18:02 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Quarkcoin

2013-11-27 22:24 - 2013-11-27 22:24 - 00000000 ____D C:\Users\Robin\Desktop\123

2013-11-27 22:23 - 2013-11-27 22:23 - 12819132 _____ C:\Users\Robin\Downloads\quarkcoin083r3win.zip

2013-11-27 15:37 - 2013-11-27 15:37 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Litecoin

2013-11-27 15:37 - 2013-11-27 15:37 - 00000000 ____D C:\Program Files (x86)\Litecoin

2013-11-27 15:36 - 2013-11-27 15:37 - 13633097 _____ (Litecoin project) C:\Users\Robin\Downloads\litecoin-0.8.5.1-win32-setup.exe

2013-11-27 15:36 - 2013-11-27 15:36 - 00000836 _____ C:\Users\Robin\Downloads\litecoin-0.8.5.1-win32-setup.exe.asc

2013-11-20 23:08 - 2013-11-20 23:08 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform

2013-11-20 23:08 - 2013-11-20 23:08 - 00000000 ____D C:\Program Files\Microsoft Office

2013-11-20 23:08 - 2013-11-20 23:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8

2013-11-20 23:08 - 2013-11-20 23:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services

2013-11-20 23:08 - 2013-11-20 23:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework

2013-11-20 23:07 - 2013-11-21 19:27 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-20 23:07 - 2013-11-20 23:07 - 00000000 __RHD C:\MSOCache

2013-11-20 23:07 - 2013-11-20 23:07 - 00000000 ____D C:\Users\Robin\AppData\Local\Microsoft Help

2013-11-20 23:07 - 2013-11-20 23:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services

2013-11-20 23:01 - 2013-11-20 23:01 - 00000000 ____D C:\Users\Robin\AppData\Roaming\PowerISO

2013-11-20 22:51 - 2013-11-20 22:54 - 767623168 ____R C:\Users\Robin\Documents\14.0.4734.1000_ProfessionalPlus_volume_x86_en-us.iso

2013-11-20 22:05 - 2013-11-20 22:05 - 00848206 _____ C:\Users\Robin\Downloads\Analysis Report (1).zip

2013-11-20 22:05 - 2013-11-20 22:05 - 00000000 ____D C:\Users\Robin\AppData\Roaming\OpenOffice

2013-11-20 22:04 - 2013-11-20 22:04 - 00000000 ____D C:\Users\Robin\Desktop\OpenOffice 4.0.1 (nl) Installation Files

2013-11-20 22:03 - 2013-11-20 22:03 - 139734741 _____ C:\Users\Robin\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_nl.exe

2013-11-20 22:01 - 2013-11-20 22:01 - 00848206 _____ C:\Users\Robin\Downloads\Analysis Report.zip

2013-11-19 21:33 - 2013-11-20 21:44 - 00000044 _____ C:\Users\Robin\Desktop\Hotmail Facebook.txt

2013-11-14 23:25 - 2013-11-14 23:25 - 00001168 _____ C:\Users\Robin\Downloads\sitemap (2).xml

2013-11-14 23:17 - 2013-11-14 23:17 - 00001174 _____ C:\Users\Robin\Downloads\sitemap (1).xml

2013-11-13 16:23 - 2013-11-13 16:24 - 00000061 _____ C:\Users\Robin\Desktop\Riot points giveaway.txt

2013-11-13 14:19 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-13 14:19 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-13 14:19 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-13 14:19 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-13 14:19 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 14:19 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-13 14:19 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-13 14:19 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-13 14:19 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-13 14:19 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-13 14:19 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-13 14:19 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-13 14:19 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-13 14:19 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-13 14:19 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-13 14:19 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-13 14:19 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-13 14:19 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-13 14:19 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-13 14:19 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-13 14:19 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-13 14:19 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 14:19 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-13 14:19 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-12 21:56 - 2013-11-12 21:56 - 00000800 _____ C:\Users\Robin\Downloads\Seo Yoast Settings.zip

2013-11-12 14:58 - 2013-11-12 14:58 - 00005599 _____ C:\Users\Robin\Downloads\index (1).php

2013-11-12 01:34 - 2013-11-12 02:11 - 451794548 _____ C:\Users\Robin\Downloads\sa mcftp-s3.avi

2013-11-12 01:29 - 2013-11-12 01:56 - 322438598 _____ C:\Users\Robin\Downloads\Stacy Adams - Culos Gigantes 4 (1).avi

2013-11-11 23:52 - 2013-11-11 23:52 - 81348126 _____ C:\Users\Robin\Downloads\backup-freegamekey.net-11-11-2013.tar.gz

2013-11-11 23:52 - 2013-11-11 23:52 - 00000058 _____ C:\Users\Robin\Downloads\aliases-lolraffle.freegamekey.net.gz

2013-11-11 23:32 - 2013-11-11 23:32 - 00005595 _____ C:\Users\Robin\Downloads\index.php

2013-11-11 23:32 - 2013-11-11 23:32 - 00005595 _____ C:\Users\Robin\Desktop\index.php

2013-11-11 16:48 - 2013-11-11 16:48 - 00003043 _____ C:\Users\Robin\Desktop\artikel.txt

==================== One Month Modified Files and Folders =======

2013-12-04 20:12 - 2013-12-04 20:01 - 00013972 _____ C:\Users\Robin\Desktop\FRST.txt

2013-12-04 20:06 - 2012-02-29 23:41 - 01876519 _____ C:\Windows\WindowsUpdate.log

2013-12-04 20:04 - 2012-03-21 19:05 - 00000000 ____D C:\Users\Robin\AppData\Local\Adobe

2013-12-04 20:03 - 2012-04-05 12:05 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-12-04 20:02 - 2011-04-12 14:00 - 00748486 _____ C:\Windows\system32\perfh013.dat

2013-12-04 20:02 - 2011-04-12 14:00 - 00154964 _____ C:\Windows\system32\perfc013.dat

2013-12-04 20:02 - 2009-07-14 06:13 - 01679238 _____ C:\Windows\system32\PerfStringBackup.INI

2013-12-04 20:01 - 2009-07-14 05:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-12-04 20:01 - 2009-07-14 05:45 - 00022768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-12-04 20:00 - 2013-12-04 20:00 - 01959766 _____ (Farbar) C:\Users\Robin\Downloads\FRST64.exe

2013-12-04 20:00 - 2013-12-04 20:00 - 01959766 _____ (Farbar) C:\Users\Robin\Desktop\FRST64.exe

2013-12-04 20:00 - 2013-12-04 20:00 - 00000000 ____D C:\FRST

2013-12-04 19:57 - 2013-12-01 00:09 - 00000000 ____D C:\AdwCleaner

2013-12-04 19:56 - 2013-12-04 19:56 - 01110034 _____ C:\Users\Robin\Downloads\AdwCleaner (1).exe

2013-12-04 19:56 - 2013-12-04 19:56 - 01110034 _____ C:\Users\Robin\Desktop\AdwCleaner (1).exe

2013-12-04 19:54 - 2013-12-01 00:47 - 00000504 _____ C:\Windows\setupact.log

2013-12-04 19:54 - 2013-12-01 00:30 - 00002998 _____ C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit

2013-12-04 19:54 - 2013-12-01 00:30 - 00000508 _____ C:\Windows\Tasks\Malwarebytes Anti-Exploit.job

2013-12-04 19:54 - 2013-10-06 15:55 - 00000000 ____D C:\ProgramData\VMware

2013-12-04 19:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-12-02 18:27 - 2012-05-19 02:08 - 00000140 _____ C:\Users\Robin\AppData\Roaming\Network Monitor II_Traffic.ini

2013-12-02 18:02 - 2013-11-27 22:24 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Quarkcoin

2013-12-02 17:48 - 2012-02-29 22:59 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3868541977-2876869427-924007983-1000UA.job

2013-12-02 17:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache

2013-12-02 15:45 - 2012-05-30 01:11 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Skype

2013-12-01 22:48 - 2012-02-29 22:59 - 00001014 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3868541977-2876869427-924007983-1000Core.job

2013-12-01 22:45 - 2013-04-12 14:11 - 00000000 ____D C:\Users\Robin\AppData\Roaming\Bitcoin

2013-12-01 21:19 - 2013-12-01 21:19 - 00000554 _____ C:\Users\Robin\Desktop\Check123.html.txt

2013-12-01 02:22 - 2013-12-01 02:22 - 00201728 _____ (OldTimer Tools) C:\Users\Robin\Desktop\OTC.exe

2013-12-01 02:22 - 2013-12-01 02:21 - 00201728 _____ (OldTimer Tools) C:\Users\Robin\Downloads\OTC.exe

2013-12-01 02:17 - 2005-01-01 22:39 - 00001401 _____ C:\Users\Robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-12-01 02:17 - 2005-01-01 04:29 - 00000000 ____D C:\Windows\Panther

2013-12-01 02:16 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-12-01 02:14 - 2013-12-01 02:12 - 00009768 _____ C:\Windows\IE11_main.log