pezuy Posted November 11, 2014 ID:906419

I am not sure if I am allowed to paste a link with a path provided by preview.tinyurl.com, so at this point I will not paste it, but I will if needed.

So, short story: I was browsing a gaming forum and there was an imgur link from one of the posters, which actually was tinyurl.com/IMAGE-xXxXxXx (the xxxx are really numbers, but I will keep them away since I do not think it's appropriate to post infected links here), but I misread it and clicked it. It instantly downloaded a picture to my computer, but as soon as I realized this I went to the file location and deleted it instantly without opening it.

I have tried scanning my computer with safe modes on, with Malwarebytes, Norton 360 and Spybot too, but have not found anything, and now I am being paranoid all the time whether or not I should even log in to emails etc. without some prick getting my information.

So do I have malware on the loose or should I just let it be?

Thank you for reading!
pezuy Posted November 13, 2014 Author ID:907433

Posted this thread on 11.11, it's the 13th now; I am not sure if I am allowed to bump or not. Still in need of help ;c

The computer feels slower after I clicked the link, but so far I have found nothing that implies malware or a virus. Might be in my head too.
Naathim Posted November 13, 2014 ID:907476

Hi,

First of all, don't get paranoid. Let me check what is going on there.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Right-click on the icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears; it may take a minute or two.
In the main box please paste in the following script:

createsrpoint;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;

Make sure that the Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in Notepad.
If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!
pezuy Posted November 14, 2014 Author ID:907996

Hello! Thank you for replying! I did what you asked, but when I hit "scan" there were options to quick scan, deep scan, quick scan + clean and deep scan + clean. But I only did the deep scan. But here are the notepad that popped in the end:
HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cabO16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cabO16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cabO16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cabO20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)O23 - Service: Adobe Active File Monitor V12 (AdobeActiveFileMonitor12.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exeO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 
(ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exeO23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exeO23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exeO23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exeO23 - Service: iPod-palvelu (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeO23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exeO23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exeO23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. 
- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe (file missing) ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 
bytes) ==== EOF on pe 14.11.2014 at 16:33:48,12 ====================== Link to post Share on other sites More sharing options...
Naathim Posted November 14, 2014 ID:907998
This is not what I was asking for. I gave you complete instructions on what you have to do - please re-read them carefully and do this again.
pezuy Posted November 14, 2014 Author ID:908010
Sorry. I noticed something odd in my task manager, "pevz.exe"; it appeared after disabling Norton Smart Firewall. Google says it's a malicious trojan; however, here are the results ---
Tools\MSConfig\startupreg\AthBtTray]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AthBtTray""hkey"="HKLM""command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\AthBtTray.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtStack]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AtherosBtStack""hkey"="HKLM""command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\BtvStack.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtwtusbIcon]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="AtwtusbIcon""hkey"="HKLM""command"="AtwtusbIcon.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAHeadless]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="CAHeadless""hkey"="HKCU""command"="C:\\Program Files (x86)\\Adobe\\Elements 12 Organizer\\CAHeadless\\ElementsAutoAnalyzer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTxfiHlp]"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run""item"="CTxfiHlp""hkey"="HKLM""command"="CTXFIHLP.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dyyno Launcher]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Dyyno Launcher""hkey"="HKCU""command"="\"C:\\Program Files (x86)\\Dyyno\\Dyyno Broadcaster\\dyyno_launcher.exe\" 30100 30101 30102 30103 30104" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="EADM""hkey"="HKCU""command"="\"C:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update]"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Family Tree Builder Update""hkey"="HKLM""command"="C:\\Program Files (x86)\\MyHeritage\\Bin\\FTBCheckUpdates.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg\iTunesHelper]"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run""item"="iTunesHelper""hkey"="HKLM""command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="msnmsgr""hkey"="HKCU""command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Skype""hkey"="HKCU""command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run""item"="Spotify Web Helper""hkey"="HKCU""command"="\"C:\\Users\\Petri\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run""item"="WinampAgent""hkey"="HKLM""command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device] ==== Task Scheduler Jobs ====================== ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF" [18.11.2013 17:01] ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsiikflkcanblccfahdhdonehdalibjnif - No path found[]mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx[20.09.2014 10:52] ==== IE Start and 
Search Settings ====================== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]No DefaultScope Set For HKCU ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{00574AAA-C4D3-4fff-9AAB-3D0C612BB2F8} Yahoo Url="http://fi.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"{7910D2B8-97D5-48ba-96D2-B4C0D214775E} Google Url="http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=fi&q={searchTerms}" ==== C:\zoek_backup content ====================== C:\zoek_backup (files=0 folders=0 0 bytes) ==== EOF on pe 14.11.2014 at 17:02:13,82 ====================== Link to post Share on other sites More sharing options...
Naathim Posted November 14, 2014 ID:908014

I don't see any abnormalities here, but since you are running a natively 64bit system, I'd like you to provide another set of reports as well.

Scan with Farbar Recovery Scan Tool

- Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
- Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
- When the tool opens click Yes to disclaimer.
- Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
- Please copy and paste their content into your next reply.
pezuy Posted November 14, 2014 Author ID:908016

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Petri (administrator) on PETRI-PC on 14-11-2014 17:13:29
Running from C:\Users\Petri\Downloads
Loaded Profile: Petri (Available profiles: Petri)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- 2014-09-19 11:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2014-11-12 09:03 - 2014-09-19 11:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2014-11-12 09:03 - 2014-09-19 11:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2014-11-12 09:03 - 2014-09-19 11:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2014-11-12 09:03 - 2014-09-19 11:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-11-12 09:03 - 2014-09-19 11:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-11-12 09:03 - 2014-09-19 11:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-11-12 09:03 - 2014-09-19 11:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2014-11-12 09:03 - 2014-09-19 11:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2014-11-12 09:03 - 2014-09-19 11:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2014-11-12 09:03 - 2014-09-19 11:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2014-11-12 09:03 - 2014-09-19 11:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-11-12 09:03 - 2014-09-19 11:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-11-12 09:03 - 2014-08-21 08:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-11-12 09:03 - 2014-08-21 08:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-11-12 09:03 - 2014-08-21 08:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-11-12 09:03 - 2014-08-21 08:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-11-12 09:03 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL2014-11-12 09:03 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\IMJP10K.DLL2014-11-12 00:02 - 2014-11-14 00:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-11-11 19:46 - 2014-11-14 00:00 - 00000000 ____D () C:\Users\Petri\Desktop\mbar2014-11-11 19:45 - 2014-11-11 19:46 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Petri\Downloads\mbar-1.08.0.1001.exe2014-11-11 18:28 - 2014-11-11 18:28 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Petri\Downloads\tdsskiller.exe2014-11-11 18:06 - 2014-11-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-11-11 18:06 - 2014-11-11 18:06 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-11-11 18:06 - 2014-11-11 18:06 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-11-11 18:06 - 2014-11-11 18:06 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-11-11 18:06 - 2014-11-11 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-11-11 18:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe2014-11-11 18:04 - 2014-11-11 18:05 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\Petri\Downloads\spybot-2.4.exe2014-11-11 17:23 - 2014-11-11 17:23 - 00000554 _____ () C:\Users\Petri\Desktop\atx.log2014-11-11 17:17 - 2014-11-11 17:17 - 00380416 _____ () C:\Users\Petri\Downloads\7bcbk4bb.exe2014-11-11 16:57 - 2014-11-11 16:57 - 00017055 _____ () C:\Users\Petri\Desktop\dds.txt2014-11-11 16:57 - 2014-11-11 16:57 - 00006500 _____ () C:\Users\Petri\Desktop\attach.txt2014-11-11 16:54 - 2014-11-11 16:54 - 00688992 ____R (Swearware) C:\Users\Petri\Downloads\dds.com2014-11-11 16:54 - 2014-11-11 16:54 - 00688992 _____ (Swearware) C:\Users\Petri\Downloads\dds.scr2014-11-11 16:25 - 2014-11-11 16:25 - 00380416 _____ () C:\Users\Petri\Downloads\p1nu1hwm.exe2014-11-10 17:13 - 2014-11-13 23:57 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-11-10 17:13 - 2014-11-13 23:56 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-11-10 17:13 - 2014-11-10 17:13 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-11-10 17:13 - 2014-11-10 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-11-10 17:13 - 2014-11-10 17:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-11-10 17:13 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-11-10 17:13 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-11-10 17:12 - 2014-11-10 17:12 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Petri\Downloads\mbam-setup-2.0.3.1025.exe2014-11-08 19:52 - 2014-11-08 19:52 - 00015654 _____ () C:\Users\Petri\Downloads\the.walking.dead.slabtown.(2014).eng.1cd.(5880611).zip2014-11-08 15:19 - 2014-11-08 15:19 - 00277009 _____ () C:\Users\Petri\Downloads\shoushinkcfg.rar2014-11-08 02:03 - 2014-11-08 02:15 - 00000000 ____D () C:\Hearthstone2014-11-08 02:03 - 2014-11-08 02:03 - 00000780 _____ () 
C:\Users\Public\Desktop\Hearthstone.lnk2014-11-08 02:03 - 2014-11-08 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone2014-11-08 01:00 - 2014-11-08 17:28 - 00000920 _____ () C:\Users\Petri\Desktop\ruokapolitiikkaa.txt2014-11-07 19:22 - 2014-11-07 19:22 - 00000835 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk2014-11-07 19:22 - 2014-11-07 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft2014-11-07 19:17 - 2014-11-08 22:51 - 00000000 ____D () C:\World of Warcraft2014-11-07 19:12 - 2014-11-07 19:12 - 00001148 _____ () C:\Users\Public\Desktop\Battle.net.lnk2014-11-07 19:12 - 2014-11-07 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net2014-11-07 19:12 - 2014-11-07 19:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-11-07 19:06 - 2014-11-07 19:06 - 02868792 _____ (Blizzard Entertainment) C:\Users\Petri\Downloads\Battle.net-Setup-enGB.exe2014-11-06 23:17 - 2014-11-11 13:18 - 00001877 _____ () C:\Users\Petri\Desktop\reseptejä FB KOKIT.txt2014-11-06 12:38 - 2014-11-06 12:38 - 00078216 _____ () C:\Users\Petri\Downloads\6AA31B664377B11CBCF1692150B04AF2EEAFB499.torrent2014-11-03 19:57 - 2014-11-03 19:57 - 00000675 _____ () C:\Users\Petri\Desktop\jtn.txt2014-10-30 15:37 - 2014-10-30 15:37 - 00080343 _____ () C:\Users\Petri\Downloads\kuitti.xps2014-10-30 15:30 - 2014-10-30 15:30 - 00080343 _____ () C:\Users\Petri\Desktop\kuitti.xps2014-10-29 22:06 - 2014-10-29 22:06 - 00013139 _____ () C:\Users\Petri\Downloads\fargo.a.muddy.road.(2014).fin.1cd.(5648448).zip2014-10-27 21:02 - 2014-10-27 21:03 - 00000000 ____D () C:\Program Files (x86)\VentSrv2014-10-27 21:02 - 2014-10-27 21:02 - 00659880 _____ () C:\Users\Petri\Downloads\ventrilo_srv-3.0.3-Windows.exe2014-10-27 21:02 - 2014-10-27 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VentSrv2014-10-27 20:56 - 2014-10-27 20:56 - 00000917 _____ () 
C:\Users\Petri\Desktop\Ventrilo.lnk2014-10-27 20:56 - 2014-10-27 20:56 - 00000262 _____ () C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini2014-10-27 20:56 - 2014-10-27 20:56 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo2014-10-27 20:56 - 2014-10-27 20:56 - 00000000 ____D () C:\Program Files\Ventrilo2014-10-27 20:55 - 2014-10-27 20:55 - 04135696 _____ () C:\Users\Petri\Downloads\ventrilo-3.0.8-Windows-x64.exe2014-10-27 19:56 - 2014-10-27 19:56 - 00011170 _____ () C:\Users\Petri\Downloads\9661ec0eb9e2f42c4c794e394d615a0292e9fb20.zip2014-10-25 10:17 - 2014-10-25 10:17 - 00362600 _____ () C:\Users\Petri\Downloads\la_compagnie_des_ombres.zip2014-10-25 10:16 - 2014-10-25 10:16 - 00374275 _____ () C:\Users\Petri\Downloads\coalhandluke.zip2014-10-25 10:16 - 2014-10-25 10:16 - 00023350 _____ () C:\Users\Petri\Downloads\blankenship.zip2014-10-25 10:15 - 2014-10-25 10:15 - 00997998 _____ () C:\Users\Petri\Downloads\good_karma.zip2014-10-25 10:15 - 2014-10-25 10:15 - 00031925 _____ () C:\Users\Petri\Downloads\rockers.zip2014-10-25 10:15 - 2014-10-25 10:15 - 00008492 _____ () C:\Users\Petri\Downloads\moonlight_prism.zip2014-10-25 10:14 - 2014-10-25 10:14 - 00082646 _____ () C:\Users\Petri\Downloads\rollandinemilie.zip2014-10-23 23:28 - 2014-10-23 23:28 - 00000000 ____D () C:\Users\Petri\AppData\Local\PAYDAY 22014-10-23 23:26 - 2014-10-23 23:26 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies2014-10-22 05:48 - 2014-10-22 05:48 - 00000000 ____D () C:\Users\Petri\AppData\Local\NPE2014-10-21 22:58 - 2014-10-21 22:58 - 00000222 _____ () C:\Users\Petri\Desktop\PAYDAY 2.url2014-10-21 19:09 - 2014-10-21 19:09 - 00046288 _____ () C:\Users\Petri\Downloads\MarkC_Windows7_MouseFix.zip2014-10-21 19:09 - 2014-10-21 19:09 - 00046288 _____ () C:\Users\Petri\Downloads\MarkC_Windows7_MouseFix (1).zip2014-10-21 18:49 - 2014-11-13 23:27 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Mumble2014-10-21 18:48 - 
2014-10-21 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble2014-10-21 09:17 - 2014-10-21 09:17 - 00000000 ____D () C:\Users\Petri\AppData\Local\Logitech2014-10-21 09:17 - 2014-10-21 09:17 - 00000000 ____D () C:\ProgramData\LogiShrd2014-10-21 09:14 - 2014-10-21 09:15 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys2014-10-21 09:14 - 2014-10-21 09:15 - 00000776 _____ () C:\Windows\LkmdfCoInst.log2014-10-21 09:14 - 2014-10-21 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech2014-10-21 09:13 - 2014-10-21 09:16 - 00000000 ____D () C:\Program Files\Logitech Gaming Software2014-10-21 09:08 - 2014-10-21 09:08 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Logitech2014-10-21 09:08 - 2014-10-21 09:08 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Logishrd2014-10-21 09:06 - 2014-10-21 09:07 - 62715208 _____ (Logitech Inc.) C:\Users\Petri\Downloads\lgs8.56.109_x64.exe2014-10-20 16:05 - 2014-11-12 20:09 - 00035986 _____ () C:\Windows\DirectX.log2014-10-20 14:27 - 2014-10-20 14:27 - 00000219 _____ () C:\Users\Petri\Desktop\Counter-Strike Global Offensive.url2014-10-20 14:22 - 2014-11-14 00:04 - 00000000 ____D () C:\Program Files (x86)\Steam2014-10-20 14:22 - 2014-10-20 14:22 - 01142392 _____ () C:\Users\Petri\Downloads\SteamSetup.exe2014-10-20 14:22 - 2014-10-20 14:22 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk2014-10-20 14:22 - 2014-10-20 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam2014-10-18 23:21 - 2014-10-18 23:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET2014-10-16 22:24 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-16 22:24 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-16 22:24 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-16 22:24 - 2014-07-17 
04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-10-16 22:24 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-16 22:24 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-16 22:24 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-16 22:24 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-16 22:24 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-16 22:24 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-10-16 22:24 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-10-16 22:24 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-16 22:24 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-16 22:24 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-16 22:24 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-16 22:24 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-16 22:24 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-16 22:24 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-16 22:24 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-16 13:51 - 2014-10-16 13:51 - 00002298 _____ () C:\Users\Petri\Desktop\ess suku.txt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-14 17:11 - 2013-09-19 19:42 - 00000000 ____D () C:\Users\Petri\AppData\Local\Battle.net2014-11-14 17:05 - 2012-03-31 13:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-14 16:57 - 2012-03-31 12:40 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000UA.job2014-11-14 16:41 - 2012-03-31 09:20 - 01110231 _____ () C:\Windows\WindowsUpdate.log2014-11-14 15:57 - 2012-03-31 12:40 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000Core.job2014-11-14 09:28 - 2014-07-17 20:23 - 00044910 _____ () C:\Windows\setupact.log2014-11-14 09:22 - 2012-08-13 17:22 - 00000000 ____D () C:\Users\Petri\AppData\Local\Adobe2014-11-14 09:19 - 2009-07-14 06:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-14 09:19 - 2009-07-14 06:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-14 09:12 - 2012-07-25 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA2014-11-14 09:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-14 09:12 - 2009-07-14 04:34 - 00000402 _____ () C:\Windows\win.ini2014-11-14 00:47 - 2014-07-18 15:32 - 00076376 _____ () C:\Windows\PFRO.log2014-11-14 00:46 - 2014-07-21 13:27 - 00000000 ____D () C:\AdwCleaner2014-11-14 00:41 - 2013-04-13 18:47 - 00000000 ____D () C:\Users\Petri\AppData\Local\Spotify2014-11-14 00:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF2014-11-13 23:42 - 2012-07-29 00:22 - 00000000 ____D () C:\Program Files\CPUID2014-11-13 20:05 - 2012-03-31 13:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-11-13 20:05 - 2012-03-31 13:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-11-13 20:05 - 2012-03-31 13:25 - 00003768 _____ () 
C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-11-13 19:31 - 2013-04-13 18:46 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Spotify2014-11-13 09:36 - 2014-02-24 10:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-11-13 09:36 - 2014-02-24 10:01 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-11-13 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache2014-11-12 16:34 - 2009-07-14 06:45 - 00551976 _____ () C:\Windows\system32\FNTCACHE.DAT2014-11-12 16:12 - 2013-08-14 21:25 - 00000000 ____D () C:\Windows\system32\MRT2014-11-12 16:03 - 2012-03-31 13:50 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-11-12 14:06 - 2014-10-13 23:01 - 00012499 _____ () C:\Users\Petri\Desktop\Ruokapohdintaa.ods2014-11-11 18:35 - 2012-03-31 13:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-11-11 18:06 - 2012-03-31 13:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy2014-11-11 16:31 - 2013-08-31 17:41 - 00000000 ____D () C:\Program Files\CCleaner2014-11-09 23:28 - 2012-03-31 09:21 - 00000000 ____D () C:\Users\Petri2014-11-08 20:46 - 2013-01-06 19:36 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\vlc2014-11-07 02:21 - 2012-03-31 13:26 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\uTorrent2014-11-06 12:39 - 2014-02-24 16:42 - 00000000 ____D () C:\Users\Petri\Desktop\DLOAD2014-11-05 20:12 - 2014-09-11 22:34 - 00001279 _____ () C:\Users\Petri\Desktop\pup.txt2014-11-03 11:17 - 2014-04-20 10:05 - 00000132 _____ () C:\Users\Petri\AppData\Roaming\Adobe PNG Format CS5 Prefs2014-11-03 11:17 - 2014-04-05 21:20 - 00001456 _____ () C:\Users\Petri\AppData\Local\Adobe Save for Web 12.0 Prefs2014-10-31 07:38 - 2009-07-14 07:13 - 00795190 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-27 21:05 - 2012-03-31 18:09 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Ventrilo2014-10-25 10:19 - 2012-03-31 12:40 - 00140376 _____ () 
C:\Users\Petri\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 18:55 - 2012-03-31 14:51 - 00000000 ____D () C:\Users\Petri\AppData\Local\CrashDumps
2014-10-21 18:48 - 2012-05-27 18:50 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-10-21 09:13 - 2013-04-19 16:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-19 14:52 - 2012-03-31 12:40 - 00003992 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000UA
2014-10-19 14:52 - 2012-03-31 12:40 - 00003596 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000Core
2014-10-18 07:34 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Petri\AppData\Local\Temp\DeskMetrics.dll
C:\Users\Petri\AppData\Local\Temp\Quarantine.exe
C:\Users\Petri\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-06 13:54

==================== End Of Log ============================
pezuy Posted November 14, 2014 Author ID:908017

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Petri at 2014-11-14 17:14:04
Running from C:\Users\Petri\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)Adobe Reader X (10.1.8) - Suomi (HKLM-x32\...\{AC76BA86-7AD7-1035-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Applen ohjelmatuki (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Canon MP250 series MP Drivers 
(HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: - Creative Technology Limited)Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)Digital Dogsitter (HKU\S-1-5-21-1149593954-1596858650-3402885492-1000\...\Digital Dogsitter) (Version: - )Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) HiddenESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)Fliqlo Screen Saver (HKLM-x32\...\Fliqlo) (Version: - )Google Chrome (HKU\S-1-5-21-1149593954-1596858650-3402885492-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)Java 7 Update 6 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217006FF}) (Version: 7.0.60 - Oracle)Java 6 Update 22 
(HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLogitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7138 - MyHeritage.com)NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)NVIDIA Graphics Driver 344.11 
Naathim Posted November 14, 2014 ID:908151

Hi

Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.
Right-click on icon and select Run as Administrator to start the tool.
Click Search For Files.
When finished, click Save List To File.
Remember to run this tool once only, if not asked to run it again.
Please include the content of CKFiles.txt in your next reply.
pezuy Posted November 14, 2014 Author ID:908229

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.AP.11.PVAAR0
 ----- EOF -----
pezuy Posted November 14, 2014 Author ID:908239

Dunno if this helps anything, I was checking in %temp% and there is a weird folder called "WPDNSE", I went into properties and it has user: "_ISW_RESTRICTED_GROUP_" (Petri-PC\_ISW_RESTRICTED_GROUP).
Naathim Posted November 15, 2014 ID:908288

Ok. Why have you got Adobe activation blocked? Is it pirated?
pezuy Posted November 15, 2014 Author ID:908403

It is, however I have been trying to delete every single pirated file that I had before coming here, because I read the topic from one of the admins saying that people would not help me if I have pirated stuff on my computer. I will delete it now. If you won't help me I guess it's understandable :/
Naathim Posted November 15, 2014 ID:908555

Yes, our policy is not to help anyone who has pirated stuff installed. However, if you uninstall it we may be able to continue. This is your call.
AdvancedSetup (Root Admin) Posted November 21, 2014 ID:910827

This topic will now be closed due to evidence of cracked or pirated software on this system.

Piracy Policy