Misread link, downloaded .jpg instantly from tinyurl


I am not sure if I am allowed to paste a link with a path provided by preview.tinyurl.com, so at this point I will not paste it but I will if needed.

 

So short story:

I was browsing a gaming forum and there was an imgur link from one of the posters, which actually was tinyurl.com/IMAGE-xXxXxXx (the x's are really numbers, but I will keep them out since I do not think it's appropriate to post infected links here), but I misread it and clicked it. It instantly downloaded a picture to my computer, but as soon as I realized this I went to the file location and deleted it instantly without opening it.

I have tried scanning my computer with safe mode on, with Malwarebytes, Norton 360 and Spybot too, but have not found anything, and now I am being paranoid all the time about whether or not I should even log in to emails etc. without some prick getting my information.

So do I have malware on the loose or should I just let it be? Thank you for reading!


Posted this thread 11.11, it's the 13th now, I am not sure if I am allowed to bump or not. Still in need of help ;c Computer feels slower after I clicked the link but so far I have found nothing that implies malware or a virus. Might be in my head too


Hi :)

First of all don't get paranoid. Let me check what is going on there.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!

Hello! Thank you for replying! I did what you asked, but when I hit "scan" there were options to quick scan, deep scan, quick scan + clean and deep scan + clean. But I only did the deep scan. But here is the notepad that popped up in the end:

-----------------------------------------------------------------------------

 

Zoek.exe v5.0.0.0 Updated 13-November-2014

Tool run by Petri on pe 14.11.2014 at 16:23:06,59.

Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Petri\Downloads\zoek.exe [scan all users]   [Deep Scan] 

 

==== System Restore Info ======================

 

14.11.2014 16:27:36 Zoek.exe System Restore Point Created Succesfully.

 

==== Running Processes ======================

 

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe

C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 12\PhotoshopElementsEditor.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Battle.net\Battle.net.5191\Battle.net.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe

C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

 

==== System Specs ======================

 

Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 8169 MB

CPU Info: Intel® Core i5-2500K CPU @ 3.30GHz

CPU Speed: 3307,8 MHz

Sound Card: PHILIPS FTV-4 (NVIDIA High Defi | 

Speakers (Realtek High Definiti | 

Realtek Digital Output (Realtek | 

Realtek Digital Output(Optical) | 

SPDIF Out (Creative SB X-Fi) | 

Display Adapters: NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | 

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Realtek PCIe GBE Family Controller

CD / DVD Drives: 1x (E: | ) E: DTSOFT  BDROM

Ports: COM1 LPT Port NOT Present. 

Mouse: 8 Button Wheel Mouse Present

Hard Disks: C:  931,4GB | D:  232,9GB | X:  119,2GB

Hard Disks - Free: C:  428,2GB | D:  19,5GB | X:  64,5GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 02/05/10 | ALASKA - 1072009

Time Zone: FLE Standard Time

Motherboard *: ASUSTeK Computer INC. P8P67 REV 3.1

Country: Suomi 

Language: FIN 

 

==== System Specs (Software) ======================

 

Anti-Virus: Norton 360 On-access scanning disabled (Outdated)

Anti-Spyware: Norton 360 disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)

Firewall: Norton 360 disabled

Default Browser: Google Chrome 38.0.2125.111

Internet Explorer version: 8.0.7601.17514 

Google Chrome version: 38.0.2125.111

Adobe Reader version: 10.1.8.24

Sun Java version: 1.7.0_06 (32-bit) 

Flash Player version: 15.0.0.223

 

==== Files Recently Created / Modified ======================

 

====== C:\Windows ====

2014-10-27 18:56:40 01A4FEEB9CB3E8C739CE62EB050D363D 262 ----a-w- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

====== C:\Users\Petri\AppData\Local\Temp ====

2014-11-13 22:53:19 5243EF3BDAB96A51C6D4B8F42B058690 30883840 ----a-w- C:\Users\Petri\AppData\Local\Temp\STOPzilla!\SZPRO6.msi

2014-11-13 22:49:47 1BE52FA937585CCFEB9D0B6568B1C9D0 75264 ----a-w- C:\Users\Petri\AppData\Local\Temp\DeskMetrics.dll

2014-11-08 08:47:13 5C73E64374D9BA37AC5569D1F7DE5C9B 665682 ----a-w- C:\Users\Petri\AppData\Local\Temp\sqlite3.dll

2014-11-08 08:33:34 7AAB90847C56E6F7E922BB29D5B3EA8A 601088 ----a-w- C:\Users\Petri\AppData\Local\Temp\Quarantine.exe

====== Java Cache =====

====== C:\Windows\SysWOW64 =====

2014-11-12 07:03:56 9AB39ADD28C7C1A685B1EA8C6A25CF08 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll

2014-11-12 07:03:56 980EEEE8815DA7593708774D1225BD35 681984 ----a-w- C:\Windows\SysWOW64\adtschema.dll

2014-11-12 07:03:56 9216ABFD53F5EC1F35C3554AD1A175DE 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll

2014-11-12 07:03:56 13E5B1CD503A4B21E9F0A2D55A00198B 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll

2014-11-12 07:03:52 537184E7306E06BB22C5B93D2AFA4DF8 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll

2014-11-12 07:03:52 09FA271EE1F9AD68B2D1C1C210F4B71F 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll

2014-11-12 07:03:49 5FDBDEECA34E73325D87C5ACD16A3EEC 701440 ----a-w- C:\Windows\SysWOW64\IMJP10K.DLL

2014-11-12 07:03:45 FD79B005E849DF3D7E9B5EB7A637C528 374784 ----a-w- C:\Windows\SysWOW64\AudioEng.dll

2014-11-12 07:03:45 AA7325057A1E1CC401798C0B1238E182 195584 ----a-w- C:\Windows\SysWOW64\AudioSes.dll

2014-11-12 07:03:45 8D338464B851DDD76E2B876A3E09EB70 442880 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll

2014-11-12 07:03:38 B580A6B9932669DE703001AEE66D5BB1 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll

2014-11-12 07:03:38 9CEA80FFC617E6B6DD7B52E6225C0D38 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll

2014-11-12 07:03:38 8FE6AB488ECDC60930CE973A7051B0D4 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll

2014-11-12 07:03:38 8CFAEFCD7F1E004950FCAE870A501B3E 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll

2014-11-12 07:03:38 8205E55DFB11809E5F2AAD1C48840535 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll

2014-11-12 07:03:38 3B3B8BA16DC999EA17D075D2F1064DE4 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll

2014-11-12 07:03:38 37BC079204BF9B087D6DE6B728908B4B 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll

2014-11-12 07:03:33 0F39AC3274312EFFD03928291E8BA7CA 67584 ----a-w- C:\Windows\SysWOW64\packager.dll

2014-11-12 07:03:29 CB55B9AAB060C803BE4AD229AA0FEC28 2363904 ----a-w- C:\Windows\SysWOW64\msi.dll

2014-11-12 07:03:27 EDA54D2E17C0271D2CDA946ABE344110 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2014-11-12 07:03:56 C4C1B73FC2FF151BA08E1EAFDE2A2FAF 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll

2014-11-12 07:03:56 7184AEACDA13E64B10F84E9DD79C8A01 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll

2014-11-12 07:03:56 58F87BF5659C8EBC61EB439C916F2F9A 681984 ----a-w- C:\Windows\Sysnative\adtschema.dll

2014-11-12 07:03:56 008CD4EBFABCF78D0F19B3778492648C 683520 ----a-w- C:\Windows\Sysnative\termsrv.dll

2014-11-12 07:03:52 D005697F0467BBDDAB7638496DA5DB52 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll

2014-11-12 07:03:52 364ECFF4ABD9D575F4F7CF7EB7928EF3 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll

2014-11-12 07:03:49 1FEBD408F32DFC523882E7DA5AC57819 878080 ----a-w- C:\Windows\Sysnative\IMJP10K.DLL

2014-11-12 07:03:45 FAFCB80D42A65964B6F4945283B8C10F 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll

2014-11-12 07:03:45 DE3E38431B00C2EA247C53675DCF01A0 680960 ----a-w- C:\Windows\Sysnative\audiosrv.dll

2014-11-12 07:03:45 B1BB7B91C3C878FDB2874138CE81C4EF 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll

2014-11-12 07:03:45 A2C9E45F4069A002E985D1563D16813B 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll

2014-11-12 07:03:45 9383B21A4B77C130940262DDC5F3F49B 500224 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll

2014-11-12 07:03:40 A71B81AC2C14ABA013CCF1225D9E3E36 342016 ----a-w- C:\Windows\Sysnative\schannel.dll

2014-11-12 07:03:39 109CC0DF72CC07A6CB59D2995255A1DA 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll

2014-11-12 07:03:38 DF30FC54FFF79BC744B22A4850A3CF92 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll

2014-11-12 07:03:38 55F0CF40479A1FC89CFA578909A540F2 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll

2014-11-12 07:03:38 47C48C705F4F1EFC99B50B43AE4301FE 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll

2014-11-12 07:03:38 336BA030AB7B05300CB0B5C6AFB27176 22016 ----a-w- C:\Windows\Sysnative\credssp.dll

2014-11-12 07:03:38 028D99F83CBB31DB7995530B89EA13CF 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll

2014-11-12 07:03:33 934735F508E297504460935B71E99F0B 77824 ----a-w- C:\Windows\Sysnative\packager.dll

2014-11-12 07:03:31 93C055B6AAD76360A60CB7E59A491531 3198976 ----a-w- C:\Windows\Sysnative\win32k.sys

2014-11-12 07:03:29 2720C94ADCC1727A66365CCB1CE456C4 3241984 ----a-w- C:\Windows\Sysnative\msi.dll

2014-11-12 07:03:27 B938AF16A521C913791C6F7AFF032757 861696 ----a-w- C:\Windows\Sysnative\oleaut32.dll

2014-11-11 16:06:12 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\Windows\Sysnative\sdnclean64.exe

====== C:\Windows\Sysnative\drivers =====

2014-11-13 21:43:22 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys

2014-11-12 07:03:56 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

2014-11-10 15:13:21 17D683EEA9FFD741A1ED8731ABBC23D1 131800 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys

2014-11-10 15:13:08 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys

2014-11-10 15:13:08 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2014-11-10 15:13:08 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys

2014-10-21 07:14:47 64AEB5790901EA8854884981F104CAA6 18960 ----a-w- C:\Windows\Sysnative\drivers\LNonPnP.sys

2014-10-16 20:24:02 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys

2014-10-16 20:24:02 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys

====== C:\Windows\Tasks ======

2014-11-13 22:50:01 5446ABB5635AB581E585E4C362030E2D 3146 ----a-w- C:\Windows\Sysnative\Tasks\{A0B6906C-6056-453F-8B04-F542F37EDCE4}

2014-11-11 16:06:29 -------- d-----w- C:\Windows\Sysnative\Tasks\Safer-Networking

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-11-13 07:36:10 -------- d-----w- C:\Program Files\iPod

2014-11-13 07:36:08 -------- d-----w- C:\Program Files\iTunes

2014-10-27 18:56:43 -------- d-----w- C:\Program Files\Ventrilo

======= C:\PROGRA~2 =====

2014-11-13 07:36:08 -------- d-----w- C:\PROGRA~2\iTunes

2014-11-07 17:12:05 -------- d-----w- C:\PROGRA~2\Battle.net

2014-10-27 19:02:34 -------- d-----w- C:\PROGRA~2\VentSrv

2014-10-27 18:56:07 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard

2014-10-20 12:22:47 -------- d-----w- C:\PROGRA~2\Steam

2014-10-18 21:21:26 -------- d-----w- C:\PROGRA~2\Microsoft ASP.NET

======= C: =====

====== C:\Users\Petri\AppData\Roaming ======

2014-11-11 16:08:44 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs

2014-10-27 18:56:45 -------- d-----w- C:\Users\Petri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo

2014-10-23 21:28:09 -------- d-----w- C:\Users\Petri\AppData\Local\PAYDAY 2

2014-10-22 03:48:09 -------- d-----w- C:\Users\Petri\AppData\Local\NPE

2014-10-21 16:49:46 -------- d-----w- C:\Users\Petri\AppData\Roaming\Mumble

====== C:\Users\Petri ======

2014-11-13 22:50:58 5080A6769865315AF11722E0FB5D9AB8 2998656 ----a-w- C:\Users\Petri\Downloads\SpyHunter-Installer.exe

2014-11-13 22:49:33 8F41B14286A6667D7713E9D6B33A1EA2 707664 ----a-w- C:\Users\Petri\Downloads\SZSetup_AID10121_AV.exe

2014-11-13 22:44:32 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Petri\Downloads\adwcleaner_4.101.exe

2014-11-13 21:43:19 -------- d-----w- C:\ProgramData\RogueKiller

2014-11-13 21:41:53 47C6E378E9D4819109AEAD73A72E4B80 17535064 ----a-w- C:\Users\Petri\Downloads\RogueKillerX64.exe

2014-11-13 10:24:40 02D817FF481EB12FE0CC34363809C05B 2116096 ----a-w- C:\Users\Petri\Downloads\frst64.exe

2014-11-13 07:36:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-11-13 07:36:08 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2014-11-11 17:45:48 405E11DD1024625E4ABB8925F3C3CBDA 14439144 ----a-w- C:\Users\Petri\Downloads\mbar-1.08.0.1001.exe

2014-11-11 16:28:15 2AD9820E4B17E78110A6AA06BF5C1CE2 4184008 ----a-w- C:\Users\Petri\Downloads\tdsskiller.exe

2014-11-11 15:17:22 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Petri\Downloads\7bcbk4bb.exe

2014-11-11 14:54:43 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Petri\Downloads\dds.com

2014-11-11 14:25:07 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Petri\Downloads\p1nu1hwm.exe

2014-11-10 15:12:29 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Petri\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-08 00:03:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone

2014-11-07 17:22:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

2014-11-07 17:12:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net

2014-11-07 17:06:20 D53611191CFBBB805C1DC68FBF2485EF 2868792 ----a-w- C:\Users\Petri\Downloads\Battle.net-Setup-enGB.exe

2014-10-27 19:02:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VentSrv

2014-10-21 16:48:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble

2014-10-20 12:22:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

 

====== C: exe-files ==

2014-11-14 07:56:27 FF014FC26936DDB5FED71323C8C8B602 4375312 ----a-w- C:\Users\Petri\AppData\Local\NVIDIA\NvBackend\Packages\000067c0\DAO.19053070.exe

2014-11-14 07:56:27 E9252383496C120FA55CE9A03D31E94C 426056 ----a-w- C:\Users\Petri\AppData\Local\NVIDIA\NvBackend\Packages\000067be\CoProc update.19053990.exe

2014-11-13 22:50:58 5080A6769865315AF11722E0FB5D9AB8 2998656 ----a-w- C:\Users\Petri\Downloads\SpyHunter-Installer.exe

2014-11-13 22:49:33 8F41B14286A6667D7713E9D6B33A1EA2 707664 ----a-w- C:\Users\Petri\Downloads\SZSetup_AID10121_AV.exe

2014-11-13 22:44:32 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Petri\Downloads\adwcleaner_4.101.exe

2014-11-13 21:41:53 47C6E378E9D4819109AEAD73A72E4B80 17535064 ----a-w- C:\Users\Petri\Downloads\RogueKillerX64.exe

2014-11-13 10:24:40 02D817FF481EB12FE0CC34363809C05B 2116096 ----a-w- C:\Users\Petri\Downloads\frst64.exe

2014-11-13 07:32:05 2BF25BB82936758771C99A2C70754E09 77104 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 12.0.1.26\SetupAdmin.exe

2014-11-12 07:55:32 C04B2A7C132168E175EFD142D28B9199 32352984 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\fb02833e-a93d-43c2-9ff2-1324f701c4bf\GeForce_Experience_Update_v2.1.4.0.exe

2014-11-11 17:46:42 C68AA07C443FB26A44E17A6649EE1D3C 821560 ----a-w- C:\Users\Petri\Desktop\mbar\Plugins\fixdamage.exe

2014-11-11 17:46:42 3CADE61FCDF50CC17ECB7664220E31DC 54072 ----a-w- C:\Users\Petri\Desktop\mbar\mbamdor.exe

2014-11-11 17:46:42 0A4EC663BF58FB4290674679FD075F58 1211192 ----a-w- C:\Users\Petri\Desktop\mbar\mbar.exe

2014-11-11 17:45:48 405E11DD1024625E4ABB8925F3C3CBDA 14439144 ----a-w- C:\Users\Petri\Downloads\mbar-1.08.0.1001.exe

2014-11-11 16:28:15 2AD9820E4B17E78110A6AA06BF5C1CE2 4184008 ----a-w- C:\Users\Petri\Downloads\tdsskiller.exe

2014-11-11 15:17:22 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Petri\Downloads\7bcbk4bb.exe

2014-11-11 14:25:07 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Petri\Downloads\p1nu1hwm.exe

2014-11-10 15:12:29 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Petri\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-08 08:33:34 7AAB90847C56E6F7E922BB29D5B3EA8A 601088 ----a-w- C:\Users\Petri\AppData\Local\Temp\Quarantine.exe

2014-11-08 00:03:25 F62699E0CBAA07AF65048EFC33A8C720 10400304 ----a-w- C:\Hearthstone\Hearthstone.exe

2014-11-08 00:03:25 B8E8942CEAC065FC740B96AD6A8C6E7A 3055152 ----a-w- C:\Hearthstone\Hearthstone Beta Launcher.exe

2014-11-07 17:12:05 C69442812638BB1F21C1789D10E62013 1971760 ----a-w- C:\Program Files (x86)\Battle.net\SystemSurvey.exe

2014-11-07 17:12:05 C2703038EDF286117EC4ABE77897038D 399408 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.exe

2014-11-07 17:12:05 A829DDDC417B4BB4D8175DF1846B8BAA 1337424 ----a-w- C:\Program Files (x86)\Common Files\Blizzard Entertainment\Battle.net\Uninstall.exe

2014-11-07 17:12:05 9281BA1479347C2757EF6FBB52697921 333360 ----a-w- C:\Program Files (x86)\Battle.net\BlizzardError.exe

2014-11-07 17:12:05 65E168CE4D531B15C0E7DD52460DDE7B 9986608 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.5191\Battle.net.exe

2014-11-07 17:12:05 0FB5EB5C3639C88A02DADA0BBC079A58 2864688 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe

2014-11-07 17:08:17 C714408EEFF4EA72239A39A97FA062E6 10615856 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

2014-11-07 17:06:20 D53611191CFBBB805C1DC68FBF2485EF 2868792 ----a-w- C:\Users\Petri\Downloads\Battle.net-Setup-enGB.exe

=== C: other files ==

2014-11-13 21:43:22 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys

2014-11-12 07:03:56 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2014-11-12 07:03:31 93C055B6AAD76360A60CB7E59A491531 3198976 ----a-w- C:\Windows\System32\win32k.sys

2014-11-11 14:54:43 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Petri\Downloads\dds.com

2014-11-10 15:13:21 17D683EEA9FFD741A1ED8731ABBC23D1 131800 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-11-10 15:13:08 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-11-10 15:13:08 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-11-10 15:13:08 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-11-08 17:52:20 9A92A30DB657636DDF39781660EDFF09 15654 ----a-w- C:\Users\Petri\Downloads\the.walking.dead.slabtown.(2014).eng.1cd.(5880611).zip

 

==== Startup Registry Enabled ======================

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CtxfiReg"="CTXFIREG.exe /FAIL1"

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

 

[HKEY_USERS\S-1-5-21-1149593954-1596858650-3402885492-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Spotify Web Helper"="C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"Spotify Web Helper"=""C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "

"Spotify Web Helper"=""C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "

 

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"CtxfiReg"="CTXFIREG.exe /FAIL1"

 

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Spotify Web Helper"="C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"Spotify Web Helper"=""C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "

"Spotify Web Helper"=""C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "

 

==== Startup Registry Enabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"

"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"

 

==== Startup Registry Disabled x64 ======================

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="APSDaemon"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AthBtTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AthBtTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\AthBtTray.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtStack]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AtherosBtStack"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\BtvStack.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtwtusbIcon]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="AtwtusbIcon"

"hkey"="HKLM"

"command"="AtwtusbIcon.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAHeadless]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CAHeadless"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Adobe\\Elements 12 Organizer\\CAHeadless\\ElementsAutoAnalyzer.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTxfiHlp]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CTxfiHlp"

"hkey"="HKLM"

"command"="CTXFIHLP.EXE"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dyyno Launcher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Dyyno Launcher"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Dyyno\\Dyyno Broadcaster\\dyyno_launcher.exe\" 30100 30101 30102 30103 30104"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EADM"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Family Tree Builder Update"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\MyHeritage\\Bin\\FTBCheckUpdates.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="iTunesHelper"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="msnmsgr"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Spotify Web Helper"

"hkey"="HKCU"

"command"="\"C:\\Users\\Petri\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="WinampAgent"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\""

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]

 

 

==== Task Scheduler Jobs ======================

 

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13.11.2014 20:05]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000Core.job --a------ [undetermined Task]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000UA.job --a------ C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe [31.03.2012 12:40]

 

==== Other Scheduled Tasks ======================

 

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Petri-PC-Petri" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]

"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000Core" [C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000UA" [C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe"]

"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\Windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe]

"C:\Windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe]

"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]

"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]

"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

 

==== Firefox Extensions Registry ======================

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF" [18.11.2013 17:01]

 

==== Chromium Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

iikflkcanblccfahdhdonehdalibjnif - No path found[]

mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx[20.09.2014 10:52]

 

YouTube - Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Wallet - Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

undetermined - Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\1.93.rar

 

==== IE Start and Search Settings ======================

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{00574AAA-C4D3-4fff-9AAB-3D0C612BB2F8} Yahoo  Url="http://fi.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"


 

==== HijackThis Entries ======================

 

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

R3 - URLSearchHook: (no name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll

O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL1 (User 'Default user')

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab


O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: Adobe Active File Monitor V12 (AdobeActiveFileMonitor12.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe

O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe (file missing)

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=0 folders=0 0 bytes)

 

==== EOF on pe 14.11.2014 at 16:33:48,12 ======================

Sorry. I noticed something odd in my task manager, "pevz.exe"; it appeared after disabling Norton Smart Firewall. Google says it's a malicious trojan.

 

However, here are the results:

 

---

 
Zoek.exe v5.0.0.0 Updated 13-November-2014
Tool run by Petri on pe 14.11.2014 at 16:58:20,27.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Petri\Desktop\zoek.exe [scan all users] [script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-11-14-143348.log 39750 bytes
 
==== System Restore Info ======================
 
14.11.2014 16:58:47 Zoek.exe System Restore Point Created Succesfully.
 
==== Installed Programs ======================
 
µTorrent  
Adobe AIR  
Adobe Download Assistant  
Adobe Flash Media Live Encoder 3.2  
Adobe Flash Player 15 ActiveX  
Adobe Flash Player 15 Plugin  
Adobe Photoshop Elements 12  
Adobe Photoshop Lightroom 5.2 64-bit  
Adobe Reader X (10.1.8) - Suomi  
Apple Mobile Device Support  
Apple Software Update  
Applen ohjelmatuki  
Asmedia ASM104x USB 3.0 Host Controller Driver  
Audacity 2.0  
Battle.net  
Battlefield 3™  
Battlelog Web Plugins  
Bonjour  
Canon MP250 series MP Drivers  
CCleaner  
Counter-Strike: Global Offensive  
Creative ALchemy  
Creative Audio Control Panel  
Creative Console Launcher  
Creative MediaSource 5  
Creative Software AutoUpdate  
Creative Sound Blaster Properties x64 Edition  
Creative WaveStudio 7  
D3DX10  
DAEMON Tools Lite  
Digital Dogsitter  
Elements 12 Organizer  
ESN Sonar  
Fliqlo Screen Saver  
Google Chrome  
Hearthstone  
Intel® Management Engine Components  
iTunes  
Java 7 Update 6  
Java Auto Updater  
Java 6 Update 22  
Java 6 Update 31  
JavaFX 2.1.0  
Junk Mail filter update  
Logitech Gaming Software 8.56  
Malwarebytes Anti-Malware version 2.0.3.1025  
marvell 91xx driver  
Microsoft .NET Framework 4.5.1  
Microsoft Application Error Reporting  
Microsoft ASP.NET MVC 4 Runtime  
Microsoft Silverlight  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106  
Microsoft WSE 3.0 Runtime  
MSI Afterburner 2.3.1  
MSVCRT  
MSVCRT_amd64  
Mumble 1.2.8  
MyHeritage Family Tree Builder  
NirSoft BlueScreenView  
Norton 360  
NVIDIA 3D Vision Controller Driver 344.11  
NVIDIA 3D Vision Driver 344.11  
NVIDIA Control Panel 344.11  
NVIDIA GeForce Experience 2.1.2  
NVIDIA GeForce Experience Service  
NVIDIA Graphics Driver 344.11  
NVIDIA HD Audio Driver 1.3.32.1  
NVIDIA Install Application  
NVIDIA LED Visualizer 1.0  
NVIDIA Network Service  
NVIDIA PhysX  
NVIDIA ShadowPlay 16.13.42  
NVIDIA Stereoscopic 3D Driver  
NVIDIA Update 16.13.42  
NVIDIA Update Core  
NVIDIA Virtual Audio 1.2.25  
OpenAL  
OpenOffice.org 3.3  
Origin  
PAYDAY 2  
PSE12 STI Installer  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)  
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)  
SHIELD Streaming  
SHIELD Wireless Controller Driver  
SimCity 4 Deluxe  
SimCity™  
Spotify  
Spybot - Search & Destroy  
Steam  
The Sims™ 3  
The Sims™ 3 70-, 80- ja 90-luku Kamasetti  
The Sims™ 3 Baana auki Kamasetti  
The Sims™ 3 Diesel Kamasetti  
The Sims™ 3 Iltahuvit  
The Sims™ 3 Leffa Kamasetti  
The Sims™ 3 Lemmikit  
The Sims™ 3 Luksuslukaali Kamasetti  
The Sims™ 3 Maailmanmatkaaja  
The Sims™ 3 Makkari & Kylppäri Kamasetti  
The Sims™ 3 Paratiisisaari  
The Sims™ 3 Pihaparatiisi Kamasetti  
The Sims™ 3 Supernatural  
The Sims™ 3 Superstara  
The Sims™ 3 Tulevaisuuteen  
The Sims™ 3 Täyttä Elämää  
The Sims™ 3 Unelmaduuni  
The Sims™ 3 Vuodenajat  
The Sims™ 3 Yliopistoelämää  
Trust tablet driver  
VC 9.0 Runtime  
Ventrilo Client for Windows x64  
Ventrilo Server  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live ID Sign-in Assistant  
Windows Live Installer  
Windows Live Language Selector  
Windows Live Mail  
Windows Live Messenger  
Windows Live MIME IFilter  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
Windows Liven asennustyökalu  
Windows Liven sähköposti  
WinRAR 5.10 beta 4 (64-bit)  
VLC media player  
World of Warcraft  
 
==== Running Processes ======================
 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 12\PhotoshopElementsEditor.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Battle.net\Battle.net.5191\Battle.net.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe
C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe
C:\Users\Petri\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
 
==== System Specs ======================
 
Windows: Windows 7 Professional Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8169 MB
CPU Info: Intel® Core i5-2500K CPU @ 3.30GHz
CPU Speed: 3310,4 MHz
Sound Card: PHILIPS FTV-4 (NVIDIA High Defi | 
Speakers (Realtek High Definiti | 
Realtek Digital Output (Realtek | 
Realtek Digital Output(Optical) | 
SPDIF Out (Creative SB X-Fi) | 
Display Adapters: NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: DTSOFT  BDROM
Ports: COM1 LPT Port NOT Present. 
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  931,4GB | D:  232,9GB | X:  119,2GB
Hard Disks - Free: C:  427,8GB | D:  19,5GB | X:  64,5GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/05/10 | ALASKA - 1072009
Time Zone: FLE Standard Time
Motherboard *: ASUSTeK Computer INC. P8P67 REV 3.1
Country: Suomi 
Language: FIN 
 
==== System Specs (Software) ======================
 
Anti-Virus: Norton 360 On-access scanning disabled (Outdated)
Anti-Spyware: Norton 360 disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Firewall: Norton 360 disabled
Default Browser: Google Chrome 38.0.2125.111
Internet Explorer version: 8.0.7601.17514 
Google Chrome version: 38.0.2125.111
Adobe Reader version: 10.1.8.24
Sun Java version: 1.7.0_06 (32-bit) 
Flash Player version: 15.0.0.223
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2014-10-27 18:56:40 01A4FEEB9CB3E8C739CE62EB050D363D 262 ----a-w- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
====== C:\Users\Petri\AppData\Local\Temp ====
2014-11-13 22:53:19 5243EF3BDAB96A51C6D4B8F42B058690 30883840 ----a-w- C:\Users\Petri\AppData\Local\Temp\STOPzilla!\SZPRO6.msi
2014-11-13 22:49:47 1BE52FA937585CCFEB9D0B6568B1C9D0 75264 ----a-w- C:\Users\Petri\AppData\Local\Temp\DeskMetrics.dll
2014-11-08 08:47:13 5C73E64374D9BA37AC5569D1F7DE5C9B 665682 ----a-w- C:\Users\Petri\AppData\Local\Temp\sqlite3.dll
2014-11-08 08:33:34 7AAB90847C56E6F7E922BB29D5B3EA8A 601088 ----a-w- C:\Users\Petri\AppData\Local\Temp\Quarantine.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-12 07:03:56 9AB39ADD28C7C1A685B1EA8C6A25CF08 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll
2014-11-12 07:03:56 980EEEE8815DA7593708774D1225BD35 681984 ----a-w- C:\Windows\SysWOW64\adtschema.dll
2014-11-12 07:03:56 9216ABFD53F5EC1F35C3554AD1A175DE 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll
2014-11-12 07:03:56 13E5B1CD503A4B21E9F0A2D55A00198B 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll
2014-11-12 07:03:52 537184E7306E06BB22C5B93D2AFA4DF8 1237504 ----a-w- C:\Windows\SysWOW64\msxml3.dll
2014-11-12 07:03:52 09FA271EE1F9AD68B2D1C1C210F4B71F 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 07:03:49 5FDBDEECA34E73325D87C5ACD16A3EEC 701440 ----a-w- C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 07:03:45 FD79B005E849DF3D7E9B5EB7A637C528 374784 ----a-w- C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 07:03:45 AA7325057A1E1CC401798C0B1238E182 195584 ----a-w- C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 07:03:45 8D338464B851DDD76E2B876A3E09EB70 442880 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 07:03:38 B580A6B9932669DE703001AEE66D5BB1 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 07:03:38 9CEA80FFC617E6B6DD7B52E6225C0D38 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 07:03:38 8FE6AB488ECDC60930CE973A7051B0D4 221184 ----a-w- C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 07:03:38 8CFAEFCD7F1E004950FCAE870A501B3E 248832 ----a-w- C:\Windows\SysWOW64\schannel.dll
2014-11-12 07:03:38 8205E55DFB11809E5F2AAD1C48840535 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll
2014-11-12 07:03:38 3B3B8BA16DC999EA17D075D2F1064DE4 550912 ----a-w- C:\Windows\SysWOW64\kerberos.dll
2014-11-12 07:03:38 37BC079204BF9B087D6DE6B728908B4B 172032 ----a-w- C:\Windows\SysWOW64\wdigest.dll
2014-11-12 07:03:33 0F39AC3274312EFFD03928291E8BA7CA 67584 ----a-w- C:\Windows\SysWOW64\packager.dll
2014-11-12 07:03:29 CB55B9AAB060C803BE4AD229AA0FEC28 2363904 ----a-w- C:\Windows\SysWOW64\msi.dll
2014-11-12 07:03:27 EDA54D2E17C0271D2CDA946ABE344110 571904 ----a-w- C:\Windows\SysWOW64\oleaut32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-12 07:03:56 C4C1B73FC2FF151BA08E1EAFDE2A2FAF 1460736 ----a-w- C:\Windows\Sysnative\lsasrv.dll
2014-11-12 07:03:56 7184AEACDA13E64B10F84E9DD79C8A01 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll
2014-11-12 07:03:56 58F87BF5659C8EBC61EB439C916F2F9A 681984 ----a-w- C:\Windows\Sysnative\adtschema.dll
2014-11-12 07:03:56 008CD4EBFABCF78D0F19B3778492648C 683520 ----a-w- C:\Windows\Sysnative\termsrv.dll
2014-11-12 07:03:52 D005697F0467BBDDAB7638496DA5DB52 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll
2014-11-12 07:03:52 364ECFF4ABD9D575F4F7CF7EB7928EF3 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll
2014-11-12 07:03:49 1FEBD408F32DFC523882E7DA5AC57819 878080 ----a-w- C:\Windows\Sysnative\IMJP10K.DLL
2014-11-12 07:03:45 FAFCB80D42A65964B6F4945283B8C10F 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll
2014-11-12 07:03:45 DE3E38431B00C2EA247C53675DCF01A0 680960 ----a-w- C:\Windows\Sysnative\audiosrv.dll
2014-11-12 07:03:45 B1BB7B91C3C878FDB2874138CE81C4EF 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll
2014-11-12 07:03:45 A2C9E45F4069A002E985D1563D16813B 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll
2014-11-12 07:03:45 9383B21A4B77C130940262DDC5F3F49B 500224 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll
2014-11-12 07:03:40 A71B81AC2C14ABA013CCF1225D9E3E36 342016 ----a-w- C:\Windows\Sysnative\schannel.dll
2014-11-12 07:03:39 109CC0DF72CC07A6CB59D2995255A1DA 309760 ----a-w- C:\Windows\Sysnative\ncrypt.dll
2014-11-12 07:03:38 DF30FC54FFF79BC744B22A4850A3CF92 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll
2014-11-12 07:03:38 55F0CF40479A1FC89CFA578909A540F2 210944 ----a-w- C:\Windows\Sysnative\wdigest.dll
2014-11-12 07:03:38 47C48C705F4F1EFC99B50B43AE4301FE 314880 ----a-w- C:\Windows\Sysnative\msv1_0.dll
2014-11-12 07:03:38 336BA030AB7B05300CB0B5C6AFB27176 22016 ----a-w- C:\Windows\Sysnative\credssp.dll
2014-11-12 07:03:38 028D99F83CBB31DB7995530B89EA13CF 728064 ----a-w- C:\Windows\Sysnative\kerberos.dll
2014-11-12 07:03:33 934735F508E297504460935B71E99F0B 77824 ----a-w- C:\Windows\Sysnative\packager.dll
2014-11-12 07:03:31 93C055B6AAD76360A60CB7E59A491531 3198976 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-11-12 07:03:29 2720C94ADCC1727A66365CCB1CE456C4 3241984 ----a-w- C:\Windows\Sysnative\msi.dll
2014-11-12 07:03:27 B938AF16A521C913791C6F7AFF032757 861696 ----a-w- C:\Windows\Sysnative\oleaut32.dll
2014-11-11 16:06:12 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\Windows\Sysnative\sdnclean64.exe
====== C:\Windows\Sysnative\drivers =====
2014-11-13 21:43:22 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2014-11-12 07:03:56 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2014-11-10 15:13:21 17D683EEA9FFD741A1ED8731ABBC23D1 131800 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-10 15:13:08 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-11-10 15:13:08 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-11-10 15:13:08 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-10-21 07:14:47 64AEB5790901EA8854884981F104CAA6 18960 ----a-w- C:\Windows\Sysnative\drivers\LNonPnP.sys
2014-10-16 20:24:02 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys
2014-10-16 20:24:02 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys
====== C:\Windows\Tasks ======
2014-11-13 22:50:01 5446ABB5635AB581E585E4C362030E2D 3146 ----a-w- C:\Windows\Sysnative\Tasks\{A0B6906C-6056-453F-8B04-F542F37EDCE4}
2014-11-11 16:06:29 -------- d-----w- C:\Windows\Sysnative\Tasks\Safer-Networking
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-11-13 07:36:10 -------- d-----w- C:\Program Files\iPod
2014-11-13 07:36:08 -------- d-----w- C:\Program Files\iTunes
2014-10-27 18:56:43 -------- d-----w- C:\Program Files\Ventrilo
======= C:\PROGRA~2 =====
2014-11-13 07:36:08 -------- d-----w- C:\PROGRA~2\iTunes
2014-11-07 17:12:05 -------- d-----w- C:\PROGRA~2\Battle.net
2014-10-27 19:02:34 -------- d-----w- C:\PROGRA~2\VentSrv
2014-10-27 18:56:07 -------- d-----w- C:\PROGRA~2\COMMON~1\Wise Installation Wizard
2014-10-20 12:22:47 -------- d-----w- C:\PROGRA~2\Steam
2014-10-18 21:21:26 -------- d-----w- C:\PROGRA~2\Microsoft ASP.NET
======= C: =====
====== C:\Users\Petri\AppData\Roaming ======
2014-11-11 16:08:44 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-10-27 18:56:45 -------- d-----w- C:\Users\Petri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2014-10-23 21:28:09 -------- d-----w- C:\Users\Petri\AppData\Local\PAYDAY 2
2014-10-22 03:48:09 -------- d-----w- C:\Users\Petri\AppData\Local\NPE
2014-10-21 16:49:46 -------- d-----w- C:\Users\Petri\AppData\Roaming\Mumble
====== C:\Users\Petri ======
2014-11-13 22:50:58 5080A6769865315AF11722E0FB5D9AB8 2998656 ----a-w- C:\Users\Petri\Downloads\SpyHunter-Installer.exe
2014-11-13 22:49:33 8F41B14286A6667D7713E9D6B33A1EA2 707664 ----a-w- C:\Users\Petri\Downloads\SZSetup_AID10121_AV.exe
2014-11-13 22:44:32 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Petri\Downloads\adwcleaner_4.101.exe
2014-11-13 21:43:19 -------- d-----w- C:\ProgramData\RogueKiller
2014-11-13 21:41:53 47C6E378E9D4819109AEAD73A72E4B80 17535064 ----a-w- C:\Users\Petri\Downloads\RogueKillerX64.exe
2014-11-13 10:24:40 02D817FF481EB12FE0CC34363809C05B 2116096 ----a-w- C:\Users\Petri\Downloads\frst64.exe
2014-11-13 07:36:38 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-13 07:36:08 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-11 17:45:48 405E11DD1024625E4ABB8925F3C3CBDA 14439144 ----a-w- C:\Users\Petri\Downloads\mbar-1.08.0.1001.exe
2014-11-11 16:28:15 2AD9820E4B17E78110A6AA06BF5C1CE2 4184008 ----a-w- C:\Users\Petri\Downloads\tdsskiller.exe
2014-11-11 15:17:22 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Petri\Downloads\7bcbk4bb.exe
2014-11-11 14:54:43 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Petri\Downloads\dds.com
2014-11-11 14:25:07 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Petri\Downloads\p1nu1hwm.exe
2014-11-10 15:12:29 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Petri\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-08 00:03:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-11-07 17:22:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-11-07 17:12:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-11-07 17:06:20 D53611191CFBBB805C1DC68FBF2485EF 2868792 ----a-w- C:\Users\Petri\Downloads\Battle.net-Setup-enGB.exe
2014-10-27 19:02:34 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VentSrv
2014-10-21 16:48:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-10-20 12:22:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
 
====== C: exe-files ==
2014-11-14 07:56:27 FF014FC26936DDB5FED71323C8C8B602 4375312 ----a-w- C:\Users\Petri\AppData\Local\NVIDIA\NvBackend\Packages\000067c0\DAO.19053070.exe
2014-11-14 07:56:27 E9252383496C120FA55CE9A03D31E94C 426056 ----a-w- C:\Users\Petri\AppData\Local\NVIDIA\NvBackend\Packages\000067be\CoProc update.19053990.exe
2014-11-13 22:50:58 5080A6769865315AF11722E0FB5D9AB8 2998656 ----a-w- C:\Users\Petri\Downloads\SpyHunter-Installer.exe
2014-11-13 22:49:33 8F41B14286A6667D7713E9D6B33A1EA2 707664 ----a-w- C:\Users\Petri\Downloads\SZSetup_AID10121_AV.exe
2014-11-13 22:44:32 6504113C2218667814D4F54847BA046A 2140160 ----a-w- C:\Users\Petri\Downloads\adwcleaner_4.101.exe
2014-11-13 21:41:53 47C6E378E9D4819109AEAD73A72E4B80 17535064 ----a-w- C:\Users\Petri\Downloads\RogueKillerX64.exe
2014-11-13 10:24:40 02D817FF481EB12FE0CC34363809C05B 2116096 ----a-w- C:\Users\Petri\Downloads\frst64.exe
2014-11-13 07:32:05 2BF25BB82936758771C99A2C70754E09 77104 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 12.0.1.26\SetupAdmin.exe
2014-11-12 07:55:32 C04B2A7C132168E175EFD142D28B9199 32352984 ----a-w- C:\ProgramData\NVIDIA Corporation\NetService\fb02833e-a93d-43c2-9ff2-1324f701c4bf\GeForce_Experience_Update_v2.1.4.0.exe
2014-11-12 07:03:49 73E0DAD52482E65C478EA46081C8785A 141312 ----a-w- C:\Windows\System32\IME\IMEJP10\imjpuexc.exe
2014-11-12 07:03:48 7EEB4D2A17421D337F970FB5C3B24410 106496 ----a-w- C:\Windows\SysWOW64\IME\IMEJP10\imjpuexc.exe
2014-11-11 17:46:42 C68AA07C443FB26A44E17A6649EE1D3C 821560 ----a-w- C:\Users\Petri\Desktop\mbar\Plugins\fixdamage.exe
2014-11-11 17:46:42 3CADE61FCDF50CC17ECB7664220E31DC 54072 ----a-w- C:\Users\Petri\Desktop\mbar\mbamdor.exe
2014-11-11 17:46:42 0A4EC663BF58FB4290674679FD075F58 1211192 ----a-w- C:\Users\Petri\Desktop\mbar\mbar.exe
2014-11-11 17:45:48 405E11DD1024625E4ABB8925F3C3CBDA 14439144 ----a-w- C:\Users\Petri\Downloads\mbar-1.08.0.1001.exe
2014-11-11 16:28:15 2AD9820E4B17E78110A6AA06BF5C1CE2 4184008 ----a-w- C:\Users\Petri\Downloads\tdsskiller.exe
2014-11-11 16:06:12 82446D358A9FB51CB9DA32A5C901D7A0 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-11-11 15:17:22 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Petri\Downloads\7bcbk4bb.exe
2014-11-11 14:25:07 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Petri\Downloads\p1nu1hwm.exe
2014-11-10 15:12:29 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\Petri\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-08 08:33:34 7AAB90847C56E6F7E922BB29D5B3EA8A 601088 ----a-w- C:\Users\Petri\AppData\Local\Temp\Quarantine.exe
2014-11-08 00:03:25 F62699E0CBAA07AF65048EFC33A8C720 10400304 ----a-w- C:\Hearthstone\Hearthstone.exe
2014-11-08 00:03:25 B8E8942CEAC065FC740B96AD6A8C6E7A 3055152 ----a-w- C:\Hearthstone\Hearthstone Beta Launcher.exe
2014-11-07 17:22:57 62A6017CC28F004ECD09153184EE4D65 21259312 ----a-w- C:\World of Warcraft\Wow-64.exe
2014-11-07 17:22:56 F12F16D0CF059C42B2ABCF2EF627724D 819248 ----a-w- C:\World of Warcraft\Utils\WowBrowserProxyT.exe
2014-11-07 17:22:56 CB349FE518B83258F5E48D35C0571416 799792 ----a-w- C:\World of Warcraft\Utils\WowBrowserProxy.exe
2014-11-07 17:22:56 C69442812638BB1F21C1789D10E62013 1971760 ----a-w- C:\World of Warcraft\SystemSurvey.exe
2014-11-07 17:22:56 600E5D5442496128B9A48146E7E9E5DA 2905136 ----a-w- C:\World of Warcraft\World of Warcraft Launcher.exe
2014-11-07 17:22:56 354B262D3EE4D1F5198B01DCDC8DF13D 13706800 ----a-w- C:\World of Warcraft\Wow.exe
2014-11-07 17:22:55 98CB5B27549A3C9DD5CBC4F58F5A5BDB 334384 ----a-w- C:\World of Warcraft\BlizzardError.exe
2014-11-07 17:12:05 C69442812638BB1F21C1789D10E62013 1971760 ----a-w- C:\Program Files (x86)\Battle.net\SystemSurvey.exe
2014-11-07 17:12:05 C2703038EDF286117EC4ABE77897038D 399408 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.exe
2014-11-07 17:12:05 A829DDDC417B4BB4D8175DF1846B8BAA 1337424 ----a-w- C:\Program Files (x86)\Common Files\Blizzard Entertainment\Battle.net\Uninstall.exe
2014-11-07 17:12:05 9281BA1479347C2757EF6FBB52697921 333360 ----a-w- C:\Program Files (x86)\Battle.net\BlizzardError.exe
2014-11-07 17:12:05 65E168CE4D531B15C0E7DD52460DDE7B 9986608 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net.5191\Battle.net.exe
2014-11-07 17:12:05 0FB5EB5C3639C88A02DADA0BBC079A58 2864688 ----a-w- C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
2014-11-07 17:08:17 C714408EEFF4EA72239A39A97FA062E6 10615856 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
2014-11-07 17:06:20 D53611191CFBBB805C1DC68FBF2485EF 2868792 ----a-w- C:\Users\Petri\Downloads\Battle.net-Setup-enGB.exe
=== C: other files ==
2014-11-13 21:43:22 975F2CAA23B9CF4420EAB6439BE4D233 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-11-12 07:03:56 41774FF331F609EF442B7398EE6202B1 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-11-12 07:03:31 93C055B6AAD76360A60CB7E59A491531 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-11-11 14:54:43 8B968045D75783A09592C3105F2865DA 688992 ------r- C:\Users\Petri\Downloads\dds.com
2014-11-10 15:13:21 17D683EEA9FFD741A1ED8731ABBC23D1 131800 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-10 15:13:08 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-10 15:13:08 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-10 15:13:08 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-08 17:52:20 9A92A30DB657636DDF39781660EDFF09 15654 ----a-w- C:\Users\Petri\Downloads\the.walking.dead.slabtown.(2014).eng.1cd.(5880611).zip
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe /FAIL1"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-1149593954-1596858650-3402885492-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Spotify Web Helper"="C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify Web Helper"=""C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "
"Spotify Web Helper"=""C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe /FAIL1"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Spotify Web Helper"="C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Spotify Web Helper"=""C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "
"Spotify Web Helper"=""C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" "
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AthBtTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AthBtTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\AthBtTray.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtherosBtStack]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AtherosBtStack"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Bluetooth Suite\\BtvStack.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtwtusbIcon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AtwtusbIcon"
"hkey"="HKLM"
"command"="AtwtusbIcon.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAHeadless]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAHeadless"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Adobe\\Elements 12 Organizer\\CAHeadless\\ElementsAutoAnalyzer.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTxfiHlp]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTxfiHlp"
"hkey"="HKLM"
"command"="CTXFIHLP.EXE"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dyyno Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dyyno Launcher"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Dyyno\\Dyyno Broadcaster\\dyyno_launcher.exe\" 30100 30101 30102 30103 30104"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EADM"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Family Tree Builder Update]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Family Tree Builder Update"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\MyHeritage\\Bin\\FTBCheckUpdates.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Petri\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinampAgent"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Winamp\\winampa.exe\""
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Apple Mobile Device]
 
 
==== Task Scheduler Jobs ======================
 
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF" [18.11.2013 17:01]
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx[20.09.2014 10:52]
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{00574AAA-C4D3-4fff-9AAB-3D0C612BB2F8} Yahoo  Url="http://fi.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on pe 14.11.2014 at 17:02:13,82 ======================

I don't see any abnormalities here, but since you are running a natively 64-bit system, I'd like you to provide another set of reports as well.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users: click Run after receipt of the Windows Security Warning - Open File.)

  • When the tool opens, click Yes to the disclaimer.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Petri (administrator) on PETRI-PC on 14-11-2014 17:13:29
Running from C:\Users\Petri\Downloads
Loaded Profile: Petri (Available profiles: Petri)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Spotify Ltd) C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Windows\System32\atwtusb.exe
() C:\Windows\System32\atwtusb.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 12\PhotoshopElementsEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
(Google Inc.) C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5191\Battle.net.exe
(Google Inc.) C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1149593954-1596858650-3402885492-1000\...\Run: [Google Update] => C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-03-31] (Google Inc.)
HKU\S-1-5-21-1149593954-1596858650-3402885492-1000\...\Run: [spotify Web Helper] => C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-17] (Spotify Ltd)
HKU\S-1-5-21-1149593954-1596858650-3402885492-1000\...\MountPoints2: {9cc9e589-7b26-11e1-8981-002683196355} - F:\SETUP.EXE
HKU\S-1-5-18\...\Run: [CtxfiReg] => CTXFIREG.exe /FAIL1
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fi.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2F837F1C17D6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi
URLSearchHook: HKCU - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {00574AAA-C4D3-4fff-9AAB-3D0C612BB2F8} URL = http://fi.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Hosts: 127.0.0.1                   activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.89.123.29 193.210.19.19
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1149593954-1596858650-3402885492-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Petri\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1149593954-1596858650-3402885492-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Petri\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-18]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Petri\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-31]
CHR Extension: (Google-haku) - C:\Users\Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-31]
CHR Extension: (Google Wallet) - C:\Users\Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Petri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-31]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-04]
CHR StartMenuInternet: Google Chrome - C:\Users\Petri\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-07-18] () [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-07-30] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-07-29] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WTService; C:\Windows\system32\atwtusb.exe [581120 2012-10-19] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [47104 2009-08-10] (Cypress Semiconductor)
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-07-27] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141113.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows ® Codename Longhorn DDK provider)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141113.040\ENG64.SYS [129752 2014-11-04] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141113.040\EX64.SYS [2137304 2014-11-04] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [40712 2012-11-01] (Anchorfree Inc.)
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows ® Win 7 DDK provider)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-14 17:13 - 2014-11-14 17:13 - 00021411 _____ () C:\Users\Petri\Downloads\FRST.txt
2014-11-14 17:13 - 2014-11-14 17:13 - 00000000 ____D () C:\FRST
2014-11-14 17:12 - 2014-11-14 17:12 - 02116608 _____ (Farbar) C:\Users\Petri\Downloads\frst64 (1).exe
2014-11-14 16:58 - 2014-11-14 16:33 - 00039750 _____ () C:\zoek-results2014-11-14-143348.log
2014-11-14 16:27 - 2014-11-14 17:02 - 00033932 _____ () C:\zoek-results.log
2014-11-14 16:22 - 2014-11-14 16:22 - 00000000 ____D () C:\zoek_backup
2014-11-14 00:50 - 2014-11-14 00:51 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Petri\Downloads\SpyHunter-Installer.exe
2014-11-14 00:50 - 2014-11-14 00:50 - 00003146 _____ () C:\Windows\System32\Tasks\{A0B6906C-6056-453F-8B04-F542F37EDCE4}
2014-11-14 00:49 - 2014-11-14 00:49 - 00707664 _____ (iS3, Inc.) C:\Users\Petri\Downloads\SZSetup_AID10121_AV.exe
2014-11-14 00:44 - 2014-11-14 00:44 - 02140160 _____ () C:\Users\Petri\Downloads\adwcleaner_4.101.exe
2014-11-14 00:23 - 2014-11-14 00:23 - 00000000 ____D () C:\Windows\pss
2014-11-13 23:51 - 2014-11-13 23:52 - 00006144 ___SH () C:\Users\Petri\AppData\Thumbs.db
2014-11-13 23:43 - 2014-11-13 23:43 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-13 23:43 - 2014-11-13 23:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-13 23:41 - 2014-11-13 23:42 - 17535064 _____ () C:\Users\Petri\Downloads\RogueKillerX64.exe
2014-11-13 12:24 - 2014-11-13 12:24 - 02116096 _____ (Farbar) C:\Users\Petri\Downloads\frst64.exe
2014-11-13 09:36 - 2014-11-13 09:36 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-13 09:36 - 2014-11-13 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-13 09:36 - 2014-11-13 09:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-13 09:36 - 2014-11-13 09:36 - 00000000 ____D () C:\Program Files\iTunes
2014-11-13 09:36 - 2014-11-13 09:36 - 00000000 ____D () C:\Program Files\iPod
2014-11-13 09:36 - 2014-11-13 09:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-12 09:03 - 2014-10-25 03:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 09:03 - 2014-10-25 03:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 09:03 - 2014-10-18 04:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 09:03 - 2014-10-18 03:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 09:03 - 2014-10-14 04:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 09:03 - 2014-10-14 04:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 09:03 - 2014-10-14 04:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 09:03 - 2014-10-14 04:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 09:03 - 2014-10-14 04:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 09:03 - 2014-10-14 04:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 09:03 - 2014-10-14 03:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 09:03 - 2014-10-14 03:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 09:03 - 2014-10-14 03:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 09:03 - 2014-10-14 03:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 09:03 - 2014-10-14 03:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 09:03 - 2014-10-10 02:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 09:03 - 2014-10-03 04:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 09:03 - 2014-10-03 04:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 09:03 - 2014-10-03 04:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 09:03 - 2014-10-03 04:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 09:03 - 2014-10-03 04:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 09:03 - 2014-10-03 03:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 09:03 - 2014-10-03 03:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 09:03 - 2014-10-03 03:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 09:03 - 2014-09-19 11:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 09:03 - 2014-09-19 11:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 09:03 - 2014-09-19 11:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 09:03 - 2014-09-19 11:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 09:03 - 2014-09-19 11:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 09:03 - 2014-09-19 11:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 09:03 - 2014-09-19 11:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 09:03 - 2014-09-19 11:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 09:03 - 2014-09-19 11:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 09:03 - 2014-09-19 11:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 09:03 - 2014-09-19 11:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 09:03 - 2014-09-19 11:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 09:03 - 2014-09-19 11:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 09:03 - 2014-09-19 11:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 09:03 - 2014-08-21 08:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 09:03 - 2014-08-21 08:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 09:03 - 2014-08-21 08:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 09:03 - 2014-08-21 08:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 09:03 - 2014-08-12 04:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 09:03 - 2014-08-12 03:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 00:02 - 2014-11-14 00:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-11 19:46 - 2014-11-14 00:00 - 00000000 ____D () C:\Users\Petri\Desktop\mbar
2014-11-11 19:45 - 2014-11-11 19:46 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Petri\Downloads\mbar-1.08.0.1001.exe
2014-11-11 18:28 - 2014-11-11 18:28 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Petri\Downloads\tdsskiller.exe
2014-11-11 18:06 - 2014-11-11 18:09 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-11 18:06 - 2014-11-11 18:06 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-11 18:06 - 2014-11-11 18:06 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-11 18:06 - 2014-11-11 18:06 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-11 18:06 - 2014-11-11 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-11 18:06 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-11 18:04 - 2014-11-11 18:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Petri\Downloads\spybot-2.4.exe
2014-11-11 17:23 - 2014-11-11 17:23 - 00000554 _____ () C:\Users\Petri\Desktop\atx.log
2014-11-11 17:17 - 2014-11-11 17:17 - 00380416 _____ () C:\Users\Petri\Downloads\7bcbk4bb.exe
2014-11-11 16:57 - 2014-11-11 16:57 - 00017055 _____ () C:\Users\Petri\Desktop\dds.txt
2014-11-11 16:57 - 2014-11-11 16:57 - 00006500 _____ () C:\Users\Petri\Desktop\attach.txt
2014-11-11 16:54 - 2014-11-11 16:54 - 00688992 ____R (Swearware) C:\Users\Petri\Downloads\dds.com
2014-11-11 16:54 - 2014-11-11 16:54 - 00688992 _____ (Swearware) C:\Users\Petri\Downloads\dds.scr
2014-11-11 16:25 - 2014-11-11 16:25 - 00380416 _____ () C:\Users\Petri\Downloads\p1nu1hwm.exe
2014-11-10 17:13 - 2014-11-13 23:57 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 17:13 - 2014-11-13 23:56 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-10 17:13 - 2014-11-10 17:13 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-10 17:13 - 2014-11-10 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-10 17:13 - 2014-11-10 17:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 17:13 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-10 17:13 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-10 17:12 - 2014-11-10 17:12 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Petri\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-08 19:52 - 2014-11-08 19:52 - 00015654 _____ () C:\Users\Petri\Downloads\the.walking.dead.slabtown.(2014).eng.1cd.(5880611).zip
2014-11-08 15:19 - 2014-11-08 15:19 - 00277009 _____ () C:\Users\Petri\Downloads\shoushinkcfg.rar
2014-11-08 02:03 - 2014-11-08 02:15 - 00000000 ____D () C:\Hearthstone
2014-11-08 02:03 - 2014-11-08 02:03 - 00000780 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-11-08 02:03 - 2014-11-08 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-11-08 01:00 - 2014-11-08 17:28 - 00000920 _____ () C:\Users\Petri\Desktop\ruokapolitiikkaa.txt
2014-11-07 19:22 - 2014-11-07 19:22 - 00000835 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-11-07 19:22 - 2014-11-07 19:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-11-07 19:17 - 2014-11-08 22:51 - 00000000 ____D () C:\World of Warcraft
2014-11-07 19:12 - 2014-11-07 19:12 - 00001148 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-11-07 19:12 - 2014-11-07 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-11-07 19:12 - 2014-11-07 19:12 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-07 19:06 - 2014-11-07 19:06 - 02868792 _____ (Blizzard Entertainment) C:\Users\Petri\Downloads\Battle.net-Setup-enGB.exe
2014-11-06 23:17 - 2014-11-11 13:18 - 00001877 _____ () C:\Users\Petri\Desktop\reseptejä FB KOKIT.txt
2014-11-06 12:38 - 2014-11-06 12:38 - 00078216 _____ () C:\Users\Petri\Downloads\6AA31B664377B11CBCF1692150B04AF2EEAFB499.torrent
2014-11-03 19:57 - 2014-11-03 19:57 - 00000675 _____ () C:\Users\Petri\Desktop\jtn.txt
2014-10-30 15:37 - 2014-10-30 15:37 - 00080343 _____ () C:\Users\Petri\Downloads\kuitti.xps
2014-10-30 15:30 - 2014-10-30 15:30 - 00080343 _____ () C:\Users\Petri\Desktop\kuitti.xps
2014-10-29 22:06 - 2014-10-29 22:06 - 00013139 _____ () C:\Users\Petri\Downloads\fargo.a.muddy.road.(2014).fin.1cd.(5648448).zip
2014-10-27 21:02 - 2014-10-27 21:03 - 00000000 ____D () C:\Program Files (x86)\VentSrv
2014-10-27 21:02 - 2014-10-27 21:02 - 00659880 _____ () C:\Users\Petri\Downloads\ventrilo_srv-3.0.3-Windows.exe
2014-10-27 21:02 - 2014-10-27 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VentSrv
2014-10-27 20:56 - 2014-10-27 20:56 - 00000917 _____ () C:\Users\Petri\Desktop\Ventrilo.lnk
2014-10-27 20:56 - 2014-10-27 20:56 - 00000262 _____ () C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2014-10-27 20:56 - 2014-10-27 20:56 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
2014-10-27 20:56 - 2014-10-27 20:56 - 00000000 ____D () C:\Program Files\Ventrilo
2014-10-27 20:55 - 2014-10-27 20:55 - 04135696 _____ () C:\Users\Petri\Downloads\ventrilo-3.0.8-Windows-x64.exe
2014-10-27 19:56 - 2014-10-27 19:56 - 00011170 _____ () C:\Users\Petri\Downloads\9661ec0eb9e2f42c4c794e394d615a0292e9fb20.zip
2014-10-25 10:17 - 2014-10-25 10:17 - 00362600 _____ () C:\Users\Petri\Downloads\la_compagnie_des_ombres.zip
2014-10-25 10:16 - 2014-10-25 10:16 - 00374275 _____ () C:\Users\Petri\Downloads\coalhandluke.zip
2014-10-25 10:16 - 2014-10-25 10:16 - 00023350 _____ () C:\Users\Petri\Downloads\blankenship.zip
2014-10-25 10:15 - 2014-10-25 10:15 - 00997998 _____ () C:\Users\Petri\Downloads\good_karma.zip
2014-10-25 10:15 - 2014-10-25 10:15 - 00031925 _____ () C:\Users\Petri\Downloads\rockers.zip
2014-10-25 10:15 - 2014-10-25 10:15 - 00008492 _____ () C:\Users\Petri\Downloads\moonlight_prism.zip
2014-10-25 10:14 - 2014-10-25 10:14 - 00082646 _____ () C:\Users\Petri\Downloads\rollandinemilie.zip
2014-10-23 23:28 - 2014-10-23 23:28 - 00000000 ____D () C:\Users\Petri\AppData\Local\PAYDAY 2
2014-10-23 23:26 - 2014-10-23 23:26 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-22 05:48 - 2014-10-22 05:48 - 00000000 ____D () C:\Users\Petri\AppData\Local\NPE
2014-10-21 22:58 - 2014-10-21 22:58 - 00000222 _____ () C:\Users\Petri\Desktop\PAYDAY 2.url
2014-10-21 19:09 - 2014-10-21 19:09 - 00046288 _____ () C:\Users\Petri\Downloads\MarkC_Windows7_MouseFix.zip
2014-10-21 19:09 - 2014-10-21 19:09 - 00046288 _____ () C:\Users\Petri\Downloads\MarkC_Windows7_MouseFix (1).zip
2014-10-21 18:49 - 2014-11-13 23:27 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Mumble
2014-10-21 18:48 - 2014-10-21 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2014-10-21 09:17 - 2014-10-21 09:17 - 00000000 ____D () C:\Users\Petri\AppData\Local\Logitech
2014-10-21 09:17 - 2014-10-21 09:17 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-10-21 09:14 - 2014-10-21 09:15 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-10-21 09:14 - 2014-10-21 09:15 - 00000776 _____ () C:\Windows\LkmdfCoInst.log
2014-10-21 09:14 - 2014-10-21 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-10-21 09:13 - 2014-10-21 09:16 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-10-21 09:08 - 2014-10-21 09:08 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Logitech
2014-10-21 09:08 - 2014-10-21 09:08 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Logishrd
2014-10-21 09:06 - 2014-10-21 09:07 - 62715208 _____ (Logitech Inc.) C:\Users\Petri\Downloads\lgs8.56.109_x64.exe
2014-10-20 16:05 - 2014-11-12 20:09 - 00035986 _____ () C:\Windows\DirectX.log
2014-10-20 14:27 - 2014-10-20 14:27 - 00000219 _____ () C:\Users\Petri\Desktop\Counter-Strike Global Offensive.url
2014-10-20 14:22 - 2014-11-14 00:04 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-20 14:22 - 2014-10-20 14:22 - 01142392 _____ () C:\Users\Petri\Downloads\SteamSetup.exe
2014-10-20 14:22 - 2014-10-20 14:22 - 00000967 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-10-20 14:22 - 2014-10-20 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-18 23:21 - 2014-10-18 23:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-10-16 22:24 - 2014-09-04 07:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 22:24 - 2014-09-04 07:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 22:24 - 2014-07-17 04:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 22:24 - 2014-07-17 04:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 22:24 - 2014-07-17 04:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 22:24 - 2014-07-17 04:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 22:24 - 2014-07-17 04:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 22:24 - 2014-07-17 03:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 22:24 - 2014-07-17 03:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 22:24 - 2014-07-17 03:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 22:24 - 2014-07-17 03:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 22:24 - 2014-07-17 03:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 22:24 - 2014-07-17 03:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 22:24 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 22:24 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 22:24 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 22:24 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 22:24 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 22:24 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 13:51 - 2014-10-16 13:51 - 00002298 _____ () C:\Users\Petri\Desktop\ess suku.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-14 17:11 - 2013-09-19 19:42 - 00000000 ____D () C:\Users\Petri\AppData\Local\Battle.net
2014-11-14 17:05 - 2012-03-31 13:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 16:57 - 2012-03-31 12:40 - 00001018 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000UA.job
2014-11-14 16:41 - 2012-03-31 09:20 - 01110231 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 15:57 - 2012-03-31 12:40 - 00000966 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000Core.job
2014-11-14 09:28 - 2014-07-17 20:23 - 00044910 _____ () C:\Windows\setupact.log
2014-11-14 09:22 - 2012-08-13 17:22 - 00000000 ____D () C:\Users\Petri\AppData\Local\Adobe
2014-11-14 09:19 - 2009-07-14 06:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 09:19 - 2009-07-14 06:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 09:12 - 2012-07-25 16:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-14 09:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 09:12 - 2009-07-14 04:34 - 00000402 _____ () C:\Windows\win.ini
2014-11-14 00:47 - 2014-07-18 15:32 - 00076376 _____ () C:\Windows\PFRO.log
2014-11-14 00:46 - 2014-07-21 13:27 - 00000000 ____D () C:\AdwCleaner
2014-11-14 00:41 - 2013-04-13 18:47 - 00000000 ____D () C:\Users\Petri\AppData\Local\Spotify
2014-11-14 00:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-13 23:42 - 2012-07-29 00:22 - 00000000 ____D () C:\Program Files\CPUID
2014-11-13 20:05 - 2012-03-31 13:25 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-13 20:05 - 2012-03-31 13:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-13 20:05 - 2012-03-31 13:25 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-13 19:31 - 2013-04-13 18:46 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Spotify
2014-11-13 09:36 - 2014-02-24 10:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-13 09:36 - 2014-02-24 10:01 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-13 00:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 16:34 - 2009-07-14 06:45 - 00551976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 16:12 - 2013-08-14 21:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 16:03 - 2012-03-31 13:50 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 14:06 - 2014-10-13 23:01 - 00012499 _____ () C:\Users\Petri\Desktop\Ruokapohdintaa.ods
2014-11-11 18:35 - 2012-03-31 13:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-11 18:06 - 2012-03-31 13:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-11 16:31 - 2013-08-31 17:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-09 23:28 - 2012-03-31 09:21 - 00000000 ____D () C:\Users\Petri
2014-11-08 20:46 - 2013-01-06 19:36 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\vlc
2014-11-07 02:21 - 2012-03-31 13:26 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\uTorrent
2014-11-06 12:39 - 2014-02-24 16:42 - 00000000 ____D () C:\Users\Petri\Desktop\DLOAD
2014-11-05 20:12 - 2014-09-11 22:34 - 00001279 _____ () C:\Users\Petri\Desktop\pup.txt
2014-11-03 11:17 - 2014-04-20 10:05 - 00000132 _____ () C:\Users\Petri\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-11-03 11:17 - 2014-04-05 21:20 - 00001456 _____ () C:\Users\Petri\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-10-31 07:38 - 2009-07-14 07:13 - 00795190 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 21:05 - 2012-03-31 18:09 - 00000000 ____D () C:\Users\Petri\AppData\Roaming\Ventrilo
2014-10-25 10:19 - 2012-03-31 12:40 - 00140376 _____ () C:\Users\Petri\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 18:55 - 2012-03-31 14:51 - 00000000 ____D () C:\Users\Petri\AppData\Local\CrashDumps
2014-10-21 18:48 - 2012-05-27 18:50 - 00000000 ____D () C:\Program Files (x86)\Mumble
2014-10-21 09:13 - 2013-04-19 16:42 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-19 14:52 - 2012-03-31 12:40 - 00003992 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000UA
2014-10-19 14:52 - 2012-03-31 12:40 - 00003596 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000Core
2014-10-18 07:34 - 2009-07-14 07:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
Some content of TEMP:
====================
C:\Users\Petri\AppData\Local\Temp\DeskMetrics.dll
C:\Users\Petri\AppData\Local\Temp\Quarantine.exe
C:\Users\Petri\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-06 13:54
 
==================== End Of Log ============================
Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014

Ran by Petri at 2014-11-14 17:14:04

Running from C:\Users\Petri\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)

Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)

Adobe Flash Media Live Encoder 3.2 (HKLM-x32\...\{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}) (Version: 3.2.0 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)

Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)

Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)

Adobe Reader X (10.1.8) - Suomi (HKLM-x32\...\{AC76BA86-7AD7-1035-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Applen ohjelmatuki (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)

Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)

Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.00 - Creative Technology Limited)

Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version:  - Creative Technology Limited)

Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)

Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)

Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )

Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)

Digital Dogsitter (HKU\S-1-5-21-1149593954-1596858650-3402885492-1000\...\Digital Dogsitter) (Version:  - )

Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)

Fliqlo Screen Saver (HKLM-x32\...\Fliqlo) (Version:  - )

Google Chrome (HKU\S-1-5-21-1149593954-1596858650-3402885492-1000\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 7 Update 6 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217006FF}) (Version: 7.0.60 - Oracle)

Java 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)

Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)

JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)

Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)

MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7138 - MyHeritage.com)

NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )

Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)

NVIDIA 3D Vision Controller Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.11 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)

NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

OpenOffice.org 3.3 (HKLM-x32\...\{6707309D-7FBC-43C9-926F-A66C69054768}) (Version: 3.3.9567 - OpenOffice.org)

Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)

PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.)

SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden

SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: 1.0.0.0 - Electronic Arts)

SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)

Spotify (HKU\S-1-5-21-1149593954-1596858650-3402885492-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)

The Sims™ 3 70-, 80- ja 90-luku Kamasetti (HKLM-x32\...\{E1868CAE-E3B9-4099-8C18-AA8944D336FD}) (Version: 17.0.77 - Electronic Arts)

The Sims™ 3 Baana auki Kamasetti (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.0.44 - Electronic Arts)

The Sims™ 3 Diesel Kamasetti (HKLM-x32\...\{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}) (Version: 14.0.48 - Electronic Arts)

The Sims™ 3 Iltahuvit (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)

The Sims™ 3 Leffa Kamasetti (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)

The Sims™ 3 Lemmikit (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)

The Sims™ 3 Luksuslukaali Kamasetti (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)

The Sims™ 3 Maailmanmatkaaja (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)

The Sims™ 3 Makkari & Kylppäri Kamasetti (HKLM-x32\...\{08A25478-C5DD-4EA7-B168-3D687CA987FF}) (Version: 11.0.84 - Electronic Arts)

The Sims™ 3 Paratiisisaari (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)

The Sims™ 3 Pihaparatiisi Kamasetti (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)

The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)

The Sims™ 3 Superstara (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)

The Sims™ 3 Tulevaisuuteen (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)

The Sims™ 3 Täyttä Elämää (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)

The Sims™ 3 Unelmaduuni (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)

The Sims™ 3 Vuodenajat (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)

The Sims™ 3 Yliopistoelämää (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)

Trust tablet driver (HKLM\...\RmTablet) (Version: 5.01 - )

VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden

Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)

Ventrilo Server (HKLM-x32\...\{1D46A3A0-B37D-423A-91C2-101A49E2FF80}) (Version: 3.0.3 - Flagship Industries, Inc.)

Windows Liven asennustyökalu (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-1149593954-1596858650-3402885492-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Petri\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-1149593954-1596858650-3402885492-1000_Classes\CLSID\{23be3283-16c5-4912-b219-b2088a7e6985}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1149593954-1596858650-3402885492-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Petri\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)

 

==================== Restore Points  =========================

 

12-11-2014 14:01:45 Windows Update

12-11-2014 18:07:12 Installed DirectX

13-11-2014 22:54:07 Installed STOPzilla

14-11-2014 14:27:18 zoek.exe restore point

14-11-2014 14:58:40 zoek.exe restore point

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 04:34 - 2014-04-01 15:33 - 00000814 ____N C:\Windows\system32\Drivers\etc\hosts

127.0.0.1                   activate.adobe.com

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0E6C6195-24C3-4D39-A9B7-0FD2B9B5044B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000Core => C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-31] (Google Inc.)

Task: {2EE0FE5D-047C-404E-8624-9C0D4E8F1219} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-13] (Adobe Systems Incorporated)

Task: {5F302171-B55E-4694-AE29-2E92802F397D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)

Task: {7CF431F3-94BC-4629-A7F9-F9E898A47FBA} - System32\Tasks\AdobeAAMUpdater-1.0-Petri-PC-Petri => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-03] (Adobe Systems Incorporated)

Task: {8D8E665B-CEEA-450C-907D-018972A79C79} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {8DEA142B-6C7F-48ED-A906-AB585BA39E79} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)

Task: {9558CFB0-95A1-435E-A2FB-AB95917DAAE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {A4DE0715-90D0-4579-8A35-19819F2BD276} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {BC06D82D-98F7-4206-A021-E7D2B2039FFA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {E0ECBBD9-91FF-4AD3-8937-95BD00416A47} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {EA719AB6-1EFE-487A-A0E4-07C1391401BF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000UA => C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-31] (Google Inc.)

Task: {F670D779-0526-4D88-ACF0-AC2A73572BBB} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000Core.job => C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1149593954-1596858650-3402885492-1000UA.job => C:\Users\Petri\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-07-25 16:39 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-09-16 23:02 - 2014-09-16 23:02 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll

2014-09-16 23:02 - 2014-09-16 23:02 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll

2014-09-16 23:02 - 2014-09-16 23:02 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll

2014-09-16 23:02 - 2014-09-16 23:02 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll

2012-06-14 19:17 - 2014-02-24 16:16 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-07-21 09:03 - 2012-10-19 10:01 - 00581120 _____ () C:\Windows\system32\atwtusb.exe

2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-11-11 18:06 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-11-11 18:06 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2014-11-11 18:06 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2014-11-11 18:06 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2014-11-11 18:06 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2014-10-28 09:58 - 2014-10-22 06:04 - 08910664 _____ () C:\Users\Petri\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll

2014-10-28 09:58 - 2014-10-22 06:04 - 01681224 _____ () C:\Users\Petri\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

2013-09-25 05:07 - 2013-09-25 05:07 - 01582568 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 12\libfftw3-3.dll

2013-09-25 05:07 - 2013-09-25 05:07 - 01534216 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 12\libfftw3f-3.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\libcef.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\libGLESv2.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00905216 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\platforms\qwindows.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\libEGL.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qgif.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qico.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qjpeg.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qmng.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\imageformats\qtiff.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\qml\QtQuick.2\qtquick2plugin.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\qml\QtQuick\Layouts\qquicklayoutsplugin.dll

2014-11-07 19:12 - 2014-11-07 19:12 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5191\qml\QtQml\Models.2\modelsplugin.dll

2014-11-13 20:05 - 2014-11-13 20:05 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll

2014-10-28 09:58 - 2014-10-22 06:04 - 01042760 _____ () C:\Users\Petri\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll

2014-10-28 09:58 - 2014-10-22 06:04 - 00211272 _____ () C:\Users\Petri\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

MSCONFIG\startupreg: AtwtusbIcon => AtwtusbIcon.exe

MSCONFIG\startupreg: CAHeadless => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe

MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE

MSCONFIG\startupreg: Dyyno Launcher => "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104

MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

MSCONFIG\startupreg: Family Tree Builder Update => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Petri\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-1149593954-1596858650-3402885492-500 - Administrator - Disabled)

Guest (S-1-5-21-1149593954-1596858650-3402885492-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1149593954-1596858650-3402885492-1004 - Limited - Enabled)

Petri (S-1-5-21-1149593954-1596858650-3402885492-1000 - Administrator - Enabled) => C:\Users\Petri

 

==================== Faulty Device Manager Devices =============

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/14/2014 09:12:34 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/14/2014 00:48:09 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/14/2014 00:34:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/14/2014 00:26:58 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/14/2014 00:21:31 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/14/2014 00:08:53 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/13/2014 04:03:31 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Wow-64.exe version 6.0.3.19116 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 83c

 

Start Time: 01cfff4a677f43c6

 

Termination Time: 14

 

Application Path: C:\World of Warcraft\Wow-64.exe

 

Report Id: d4916f9a-6b3d-11e4-b98a-f46d045073c3

 

Error: (11/13/2014 08:46:55 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/13/2014 01:07:42 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/12/2014 04:35:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (11/14/2014 09:14:23 AM) (Source: atapi) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort1.

 

Error: (11/14/2014 09:14:23 AM) (Source: atapi) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort1.

 

Error: (11/14/2014 09:14:23 AM) (Source: atapi) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort1.

 

Error: (11/14/2014 09:14:23 AM) (Source: atapi) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort1.

 

Error: (11/14/2014 09:14:23 AM) (Source: atapi) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort1.

 

Error: (11/14/2014 09:14:23 AM) (Source: atapi) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort1.

 

Error: (11/14/2014 09:14:23 AM) (Source: atapi) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort1.

 

Error: (11/14/2014 09:14:23 AM) (Source: atapi) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort1.

 

Error: (11/14/2014 00:49:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (11/14/2014 00:36:36 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {B77C4C36-0154-4C52-AB49-FAA03837E47F}

 

 

Microsoft Office Sessions:

=========================

Error: (11/14/2014 09:12:34 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/14/2014 00:48:09 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/14/2014 00:34:00 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/14/2014 00:26:58 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/14/2014 00:21:31 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/14/2014 00:08:53 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/13/2014 04:03:31 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Wow-64.exe6.0.3.1911683c01cfff4a677f43c614C:\World of Warcraft\Wow-64.exed4916f9a-6b3d-11e4-b98a-f46d045073c3

 

Error: (11/13/2014 08:46:55 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/13/2014 01:07:42 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/12/2014 04:35:01 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

CodeIntegrity Errors:

===================================

  Date: 2012-11-07 18:03:07.335

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-11-05 20:15:34.647

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-11-05 16:27:54.982

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-11-05 06:42:39.101

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-11-02 18:09:49.509

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-11-02 17:26:39.461

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-11-01 19:44:45.093

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-11-01 16:48:25.867

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-10-31 16:29:10.168

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2012-10-31 07:11:30.456

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-2500K CPU @ 3.30GHz

Percentage of memory in use: 48%

Total physical RAM: 8168.86 MB

Available physical RAM: 4234.31 MB

Total Pagefile: 16335.91 MB

Available Pagefile: 12303.61 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.41 GB) (Free:427.66 GB) NTFS

Drive d: (FreeAgent Drive) (Fixed) (Total:232.88 GB) (Free:21.14 GB) NTFS

Drive x: (SSD) (Fixed) (Total:119.24 GB) (Free:64.54 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 78EEA757)

Partition 1: (Not Active) - (Size=119.2 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 000A30BE)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (Size: 232.9 GB) (Disk ID: A4B57300)

Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

Link to post
Share on other sites

Hi :)

Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool only once, unless asked to run it again.

Please include the content of CKFiles.txt in your next reply.
Link to post
Share on other sites

It is; however, I have been trying to delete every single pirated file that I had before coming here, because I read the topic from one of the admins saying that people would not help me if I have pirated stuff on my computer. I will delete it now. If you won't help me, I guess it's understandable :/

Link to post
Share on other sites
This topic is now closed to further replies.