
Something's happened to my computer

Discussion in 'Web & Email' started by Addibro, Sep 11, 2013.

  1. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    Hi Mark! Thanks for joining this session!

    Here is the log file from Junkware:

    -----------------------------------------------

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.0 (09.12.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Andreas on 2013-09-12 at 13:53:11,54
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1035847082-4026891932-1998868263-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

    ~~~ Registry Keys
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

    ~~~ Files
    Successfully disinfected: [Shortcut] C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    Successfully disinfected: [Shortcut] C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Successfully disinfected: [Shortcut] C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
    Successfully disinfected: [Shortcut] C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    Successfully disinfected: [Shortcut] C:\Users\Andreas\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
    Successfully disinfected: [Shortcut] C:\Users\Andreas\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Successfully disinfected: [Shortcut] C:\Users\Public\Desktop\Google Chrome.lnk

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2013-09-12 at 13:56:06,44
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  2. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    And here is AdwCleaner:

    ----------------------------------------

    # AdwCleaner v3.003 - Report created 12/09/2013 at 13:59:13
    # Updated 07/09/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Andreas - AGAMEMNON
    # Running from : C:\Users\Andreas\Desktop\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Shortcuts ] *****
    Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
    ***** [ Registry ] *****
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
    ***** [ Browsers ] *****
    -\\ Internet Explorer v10.0.9200.16635
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    -\\ Mozilla Firefox v
    [ File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]

    -\\ Google Chrome v29.0.1547.66
    [ File : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************
    AdwCleaner[R0].txt - [11954 octets] - [11/09/2013 15:57:57]
    AdwCleaner[R1].txt - [5099 octets] - [11/09/2013 23:44:09]
    AdwCleaner[R2].txt - [4245 octets] - [11/09/2013 23:59:05]
    AdwCleaner[R3].txt - [5285 octets] - [12/09/2013 00:07:04]
    AdwCleaner[R4].txt - [5405 octets] - [12/09/2013 00:17:58]
    AdwCleaner[R5].txt - [5525 octets] - [12/09/2013 00:20:51]
    AdwCleaner[R6].txt - [5645 octets] - [12/09/2013 11:08:29]
    AdwCleaner[R7].txt - [5658 octets] - [12/09/2013 13:58:53]
    AdwCleaner[S0].txt - [9562 octets] - [11/09/2013 15:59:09]
    AdwCleaner[S1].txt - [2867 octets] - [11/09/2013 23:45:59]
    AdwCleaner[S2].txt - [2595 octets] - [11/09/2013 23:59:22]
    AdwCleaner[S3].txt - [3047 octets] - [12/09/2013 00:07:27]
    AdwCleaner[S4].txt - [3318 octets] - [12/09/2013 00:19:05]
    AdwCleaner[S5].txt - [3287 octets] - [12/09/2013 00:21:17]
    AdwCleaner[S6].txt - [3407 octets] - [12/09/2013 11:08:42]
    AdwCleaner[S7].txt - [3278 octets] - [12/09/2013 13:59:13]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [3338 octets] ##########
     
  3. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    The infection is clearly still there so we shall dig a little deeper.

    Please download Farbar Recovery Scan Tool and save it to your desktop. Do not get tempted to download Regclean Pro.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please also copy and paste that into your reply.


    ==================================================

    Download RogueKiller (by tigzy) and save direct to your Desktop.
    On the web page select the 32bit or 64bit button to match the bit rate of your version of Windows.

    • Quit all running programs.
    • Start RogueKiller.exe by double clicking on the icon.
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Report when complete. Copy/paste the contents of the report and paste into your next reply.
    • NOTE: DO NOT attempt to remove anything that the scan detects.

     
  4. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    Alright! Here's the FRST log:

    -----------------------------------------

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
    Ran by Andreas (administrator) on AGAMEMNON on 12-09-2013 19:54:12
    Running from C:\Users\Andreas\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Normal
    ==================== Processes (Whitelisted) =================
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Woodtale Technology Inc) C:\Users\Andreas\AppData\Local\DProtect\DProtectSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    (Spotify Ltd) C:\Users\Andreas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    (Dropbox, Inc.) C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    () C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
    (Apple Inc.) D:\iTunes\iTunesHelper.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
    (Steinberg Media Technologies) C:\Program Files\Steinberg\Cubase 7\Cubase7.exe
    (Steinberg Media Technologies GmbH) C:\PROGRA~2\ELICEN~1\POS\SYNSOPOS.exe
    (Steinberg Media Technologies) C:\Program Files\Steinberg\Cubase 7\Components\videodecode.exe
    (Steinberg Media Technologies) C:\Program Files\Steinberg\Cubase 7\Components\videopreload.exe
    (Steinberg Media Technologies) C:\Program Files\Steinberg\Cubase 7\Components\videooutput.exe
    (Steinberg Media Technologies) C:\Program Files\Steinberg\Cubase 7\Components\VSTBridgeApp.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
    HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
    HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1811368 2013-09-06] (Valve Corporation)
    HKCU\...\Run: [Spotify Web Helper] - C:\Users\Andreas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-09] (Spotify Ltd)
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
    HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
    HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
    HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
    HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [Netgear UDS Control Center] - C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe [21124096 2011-06-28] ()
    HKLM-x32\...\Run: [iTunesHelper] - D:\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll [168616 2013-08-18] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Users\Andreas\AppData\Local\DProtect\eBP.dll,C:\Users\Andreas\AppData\Local\DProtect\eBPSD.dll [62016 2013-09-09] ()
    Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379008404
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4B5463057E4ACE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379008404
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379008404
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379008404
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379008404
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379008404
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1378987194
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/resul...FyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=984395266&ir=
    SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_sou...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379008338
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.qvo6.com/web/?utm_sou...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379008338
    SearchScopes: HKCU - {384AE65C-9E43-67A3-519C-4B523C21A961} URL =
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO-x32: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @se.nexus/Personal - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR DefaultSearchURL: (qvo6) - http://www.google.com
    CHR DefaultSuggestURL: (qvo6) - "suggest_url": ""
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    CHR Plugin: (Nexus Personal) - C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
    CHR Plugin: (Uplay PC) - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
    CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
    CHR Plugin: (iTunes Application Detector) - D:\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
    CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
    CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
    CHR Extension: (Google Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
    CHR Extension: (Skype Click to Call) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_1
    CHR Extension: (Chrome In-App Payments service) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1
    CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
    CHR HKLM-x32\...\Chrome\Extension: [hendmekoldfacfhlojkjcnbjegkahclb] - C:\Program Files (x86)\diamondata\hendmekoldfacfhlojkjcnbjegkahclb.crx
    CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
    CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx
    CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1378987194
    ==================== Services (Whitelisted) =================
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
    R2 DPService; C:\Users\Andreas\AppData\Local\DProtect\DProtectSvc.exe [342592 2013-09-09] (Woodtale Technology Inc)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
    R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-05-26] ()
    ==================== Drivers (Whitelisted) ====================
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-27] (DT Soft Ltd)
    R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [24728 2012-11-17] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
    R3 NetgearUDSMBus; C:\Windows\SysWow64\Drivers\NetgearUDSMBus.sys [100448 2011-06-16] (Windows (R) Codename Longhorn DDK provider)
    R3 NetgearUDSTcpBus; C:\Windows\SysWow64\Drivers\NetgearUDSTcpBus.sys [165472 2011-06-16] (Windows (R) Codename Longhorn DDK provider)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
    R3 RDID1117; C:\Windows\System32\Drivers\rdwm1117.sys [268672 2011-02-18] (Roland Corporation)
    S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
    S3 Tdsshbecr; C:\Windows\System32\DRIVERS\shbecr.sys [50176 2008-09-28] (Todos Data System AB)
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2013-09-12 19:53 - 2013-09-12 19:53 - 01949642 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
    2013-09-12 14:03 - 2013-09-12 14:03 - 00003357 _____ C:\Users\Andreas\Desktop\JRT.txt
    2013-09-12 13:52 - 2013-09-12 13:52 - 01029509 _____ (Thisisu) C:\Users\Andreas\Desktop\JRT.exe
    2013-09-12 00:09 - 2013-09-12 16:09 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 765ddd47-7860-490e-974f-4944e3312867.job
    2013-09-12 00:09 - 2013-09-12 00:13 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2a1c52e5-debe-46ae-a8f3-bb926b2c3236.job
    2013-09-12 00:09 - 2013-09-12 00:09 - 00003598 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2a1c52e5-debe-46ae-a8f3-bb926b2c3236
    2013-09-12 00:09 - 2013-09-12 00:09 - 00003524 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 765ddd47-7860-490e-974f-4944e3312867
    2013-09-12 00:09 - 2013-09-12 00:09 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2013-09-12 00:09 - 2013-09-12 00:09 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com
    2013-09-12 00:09 - 2013-09-12 00:09 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2013-09-12 00:09 - 2013-09-12 00:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-09-12 00:05 - 2013-09-12 00:06 - 27540744 _____ (SUPERAntiSpyware) C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
    2013-09-11 23:54 - 2013-09-11 23:55 - 01037278 _____ C:\Users\Andreas\Desktop\AdwCleaner.exe
    2013-09-11 23:49 - 2013-09-11 23:49 - 00891144 _____ C:\Users\Andreas\Desktop\SecurityCheck.exe
    2013-09-11 21:31 - 2013-09-11 21:31 - 00000000 __HDC C:\ProgramData\{B57BCE68-0C0F-48CE-98DB-5E6BF5A4FAE8}
    2013-09-11 20:06 - 2013-09-11 20:06 - 00000000 ____D C:\ProgramData\Cakewalk
    2013-09-11 20:06 - 2013-09-11 20:06 - 00000000 ____D C:\Program Files\Cakewalk
    2013-09-11 16:03 - 2013-09-11 16:03 - 00000000 ____D C:\Windows\ERUNT
    2013-09-11 16:02 - 2013-09-11 16:02 - 00005680 _____ C:\sc-cleaner.txt
    2013-09-11 15:57 - 2013-09-12 13:59 - 00000000 ____D C:\AdwCleaner
    2013-09-11 15:17 - 2013-09-11 15:17 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-09-11 15:17 - 2013-09-11 15:17 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Malwarebytes
    2013-09-11 15:17 - 2013-09-11 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-09-11 15:17 - 2013-09-11 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-09-11 15:17 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2013-09-11 15:03 - 2013-09-11 15:03 - 00000000 _____ C:\autoexec.bat
    2013-09-11 15:02 - 2013-09-11 15:16 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
    2013-09-11 15:02 - 2013-09-11 15:02 - 00000000 ____D C:\Program Files\Enigma Software Group
    2013-09-11 00:18 - 2013-09-11 00:18 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Waves
    2013-09-11 00:04 - 2013-09-11 00:04 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Absynth 4
    2013-09-10 23:59 - 2013-09-10 23:59 - 00001219 _____ C:\Users\UpdatusUser\Desktop\Reaktor 5.lnk
    2013-09-10 23:59 - 2013-09-10 23:59 - 00001219 _____ C:\Users\Andreas\Desktop\Reaktor 5.lnk
    2013-09-10 23:59 - 2013-09-10 23:59 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Reaktor 5
    2013-09-10 23:57 - 2013-09-10 23:57 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigiDesign
    2013-09-10 22:44 - 2013-09-10 22:44 - 00063176 _____ C:\Users\Andreas\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2013-09-10 22:43 - 2013-09-12 00:38 - 00000501 _____ C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
    2013-09-10 22:29 - 2013-09-10 22:29 - 00000000 ____D C:\Program Files\Adblock Plus for IE
    2013-09-10 22:06 - 2013-09-12 19:54 - 00001586 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-09-10 22:05 - 2013-09-12 19:10 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-09-10 22:05 - 2013-09-12 13:59 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-09-10 22:05 - 2013-09-10 22:05 - 00003992 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-09-10 22:05 - 2013-09-10 22:05 - 00003740 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-09-10 21:28 - 2013-09-10 21:28 - 00262224 _____ C:\Windows\Minidump\091013-5803-01.dmp
    2013-09-10 21:28 - 2013-09-10 21:28 - 00000000 ____D C:\Windows\Minidump
    2013-09-10 17:45 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2013-09-10 11:11 - 2013-09-10 11:11 - 07912320 _____ C:\Users\Andreas\Downloads\[No subject].zip
    2013-09-10 11:09 - 2013-09-10 11:09 - 12930429 _____ C:\Users\Andreas\Downloads\Outlook.zip
    2013-09-09 23:42 - 2013-09-09 23:42 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Glitch2
    2013-09-09 23:38 - 2013-09-09 23:38 - 08002755 _____ C:\Users\Andreas\Downloads\Glitch2_Demo_Windows.zip
    2013-09-09 16:04 - 2013-09-09 16:04 - 01376768 _____ C:\Users\Andreas\Downloads\7z920-x64 (2).msi
    2013-09-09 16:03 - 2013-09-09 16:03 - 01376768 _____ C:\Users\Andreas\Downloads\7z920-x64 (1).msi
    2013-09-09 16:01 - 2013-09-09 16:01 - 00009347 _____ C:\Users\Andreas\Documents\Uninstall STAR WARS The Old Republic.log
    2013-09-09 15:11 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2013-09-09 15:11 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2013-09-09 15:01 - 2013-09-09 15:01 - 00008450 _____ C:\Users\Andreas\Downloads\[isoHunt] Cubase 7 Crack [YIFY] (1).torrent
    2013-09-09 14:52 - 2013-09-09 14:52 - 00400465 _____ C:\Users\Andreas\Downloads\inbjudan och scen.zip
    2013-09-09 14:07 - 2013-09-09 14:07 - 00000000 ____D C:\Users\Andreas\AppData\Local\avgchrome
    2013-09-09 14:06 - 2013-09-11 15:24 - 00000000 ____D C:\ProgramData\DSearchLink
    2013-09-09 14:05 - 2013-09-09 14:05 - 00000000 ____D C:\ProgramData\Registry Helper
    2013-09-09 14:04 - 2013-09-09 14:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\DProtect
    2013-09-07 21:11 - 2013-09-07 21:11 - 00001129 _____ C:\Users\Andreas\Downloads\[isoHunt] 4814113.torrent
    2013-09-07 20:43 - 2013-09-10 22:29 - 00000000 ____D C:\ProgramData\Package Cache
    2013-09-07 20:40 - 2013-09-07 20:41 - 02766872 _____ (Acresso Software Inc.) C:\Users\Andreas\Downloads\woli (1).exe
    2013-09-07 20:22 - 2013-09-07 20:22 - 00000000 ____D C:\ProgramData\Audio Damage
    2013-09-07 20:03 - 2013-09-07 20:03 - 00007341 _____ C:\Users\Andreas\Downloads\[isoHunt] Audio.Damage.Axon.Ver.1.1.and.Discord.3.Ver.1.1.OSX.WIN.AU.VST.torrent
    2013-09-07 19:36 - 2013-09-11 00:37 - 00000000 ____D C:\Program Files (x86)\Waves
    2013-09-07 19:27 - 2013-09-07 19:27 - 00001109 _____ C:\Users\Andreas\Downloads\[isoHunt] 4814056.torrent
    2013-09-07 19:18 - 2013-09-07 19:18 - 00011774 _____ C:\Users\Andreas\Downloads\[isoHunt] Waves Diamond Bundle v5.2.zip.torrent
    2013-09-07 19:13 - 2013-09-07 19:13 - 00008450 _____ C:\Users\Andreas\Downloads\[isoHunt] Cubase 7 Crack [YIFY].torrent
    2013-09-06 04:38 - 2013-09-06 04:38 - 00389120 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\RegistryHelperLM.ocx
    2013-08-25 23:49 - 2013-08-25 23:49 - 00000000 ____D C:\Users\Andreas\AppData\Local\Steinberg
    2013-08-24 01:42 - 2013-08-24 01:42 - 00076898 _____ C:\Users\Andreas\Downloads\EWQL_Symphonic_Orchestra_v1.0.zip
    2013-08-24 00:51 - 2013-08-24 00:51 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
    2013-08-24 00:50 - 2013-08-24 00:50 - 00000000 ____D C:\Windows\SysWOW64\NV
    2013-08-24 00:50 - 2013-08-24 00:50 - 00000000 ____D C:\Windows\system32\NV
    2013-08-24 00:49 - 2013-08-18 23:02 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 22101792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 13627696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 11271968 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2013-08-24 00:49 - 2013-08-18 23:02 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 02007328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432680.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432680.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2013-08-23 16:43 - 2013-08-23 16:43 - 01886624 _____ C:\Users\Andreas\Downloads\Bild 2.zip
    2013-08-21 15:12 - 2013-08-21 15:12 - 00000000 ____D C:\Users\Andreas\Images
    2013-08-20 23:47 - 2013-08-21 15:16 - 00000000 ____D C:\Users\Andreas\Audio
    2013-08-20 00:20 - 2013-08-20 00:20 - 00000000 ____D C:\Program Files (x86)\EastWest
    2013-08-19 22:24 - 2013-08-19 22:31 - 497555153 _____ C:\Users\Andreas\Downloads\Play_Update_4.0.12_64_bit.zip
    2013-08-19 15:31 - 2013-08-19 15:31 - 00001450 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-08-19 15:30 - 2013-08-19 15:31 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-08-19 15:30 - 2013-08-19 15:31 - 00000000 ____D C:\Program Files\iTunes
    2013-08-19 15:30 - 2013-08-19 15:30 - 00000000 ____D C:\Program Files\iPod
    2013-08-18 20:23 - 2013-08-18 20:23 - 00000940 _____ C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
    2013-08-18 20:21 - 2013-08-18 20:23 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
    2013-08-18 20:21 - 2013-08-18 20:21 - 01204608 _____ (DVDVideoSoft Ltd. ) C:\Users\Andreas\Downloads\FreeMP4VideoConverter.exe
    2013-08-18 20:21 - 2013-08-18 20:21 - 01204608 _____ (DVDVideoSoft Ltd. ) C:\Users\Andreas\Downloads\FreeMP4VideoConverter (1).exe
    2013-08-18 17:58 - 2013-08-18 17:59 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Ample Sound
    2013-08-18 16:53 - 2013-08-18 17:56 - 228607849 _____ C:\Users\Andreas\Downloads\AGML_1_1_0_Installer.rar
    2013-08-18 16:41 - 2013-08-18 16:41 - 11835335 _____ C:\Users\Andreas\Downloads\DSK_Asian_DreamZ.zip
    2013-08-18 14:58 - 2013-08-18 14:58 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2013-08-18 14:43 - 2013-08-18 14:43 - 00003686 _____ C:\Windows\System32\Tasks\{A6250E4F-4EA9-4442-8799-6D551EF03431}
    2013-08-18 14:42 - 2013-08-18 14:42 - 00000000 ____D C:\ProgramData\Big Fish Audio
    2013-08-17 00:29 - 2013-08-17 00:30 - 18241765 _____ C:\Users\Andreas\Downloads\IxoxFlute_v0.2.zip
    2013-08-16 12:32 - 2013-08-16 12:32 - 02377467 _____ C:\Users\Andreas\Downloads\Gothia Concentus -noter.zip
    2013-08-15 23:58 - 2013-08-15 23:58 - 00034872 _____ C:\Users\Andreas\Downloads\[isoHunt] download (3).torrent
    2013-08-15 23:57 - 2013-08-15 23:57 - 00035667 _____ C:\Users\Andreas\Downloads\[isoHunt] Star.Trek.Into.Darkness.2013.TS.XVID.AC3.HQ.Hive-CM8.torrent
    2013-08-15 23:02 - 2013-08-15 23:02 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
    2013-08-15 23:01 - 2013-08-15 23:02 - 10231662 _____ (The qBittorrent project) C:\Users\Andreas\Downloads\qbittorrent_3.0.11_setup (1).exe
    2013-08-15 23:01 - 2013-08-15 23:01 - 00028522 _____ C:\Users\Andreas\Downloads\[isoHunt] After.Earth.2013.CAM.XVID-Snake.torrent
    2013-08-15 16:27 - 2013-08-15 16:28 - 10231662 _____ (The qBittorrent project) C:\Users\Andreas\Downloads\qbittorrent_3.0.11_setup.exe
    2013-08-15 16:26 - 2013-08-15 16:27 - 00215808 _____ C:\Users\Andreas\Downloads\[isoHunt] 912D0F80B375984560CCB2D4103FB79C5F7729F5.torrent
    2013-08-13 21:54 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2013-08-13 21:54 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    ==================== One Month Modified Files and Folders =======
    2013-09-12 19:54 - 2013-09-10 22:06 - 00001586 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-09-12 19:53 - 2013-09-12 19:53 - 01949642 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
    2013-09-12 19:51 - 2013-05-06 17:08 - 00001289 _____ C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-09-12 19:49 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2013-09-12 19:36 - 2013-05-06 21:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-09-12 19:10 - 2013-09-10 22:05 - 00000996 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-09-12 18:02 - 2013-05-31 13:53 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Dropbox
    2013-09-12 16:09 - 2013-09-12 00:09 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 765ddd47-7860-490e-974f-4944e3312867.job
    2013-09-12 15:22 - 2013-05-06 19:01 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-09-12 15:11 - 2009-07-14 06:51 - 00052021 _____ C:\Windows\setupact.log
    2013-09-12 14:18 - 2013-05-06 21:22 - 00661460 _____ C:\Windows\system32\perfh01D.dat
    2013-09-12 14:18 - 2013-05-06 21:22 - 00141276 _____ C:\Windows\system32\perfc01D.dat
    2013-09-12 14:18 - 2009-07-14 07:13 - 01573176 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-09-12 14:03 - 2013-09-12 14:03 - 00003357 _____ C:\Users\Andreas\Desktop\JRT.txt
    2013-09-12 14:02 - 2013-05-06 17:08 - 02096354 _____ C:\Windows\WindowsUpdate.log
    2013-09-12 13:59 - 2013-09-11 15:57 - 00000000 ____D C:\AdwCleaner
    2013-09-12 13:59 - 2013-09-10 22:05 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-09-12 13:59 - 2013-05-06 18:01 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-09-12 13:59 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-09-12 13:52 - 2013-09-12 13:52 - 01029509 _____ (Thisisu) C:\Users\Andreas\Desktop\JRT.exe
    2013-09-12 00:38 - 2013-09-10 22:43 - 00000501 _____ C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Google.website
    2013-09-12 00:13 - 2013-09-12 00:09 - 00000514 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2a1c52e5-debe-46ae-a8f3-bb926b2c3236.job
    2013-09-12 00:09 - 2013-09-12 00:09 - 00003598 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 2a1c52e5-debe-46ae-a8f3-bb926b2c3236
    2013-09-12 00:09 - 2013-09-12 00:09 - 00003524 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 765ddd47-7860-490e-974f-4944e3312867
    2013-09-12 00:09 - 2013-09-12 00:09 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2013-09-12 00:09 - 2013-09-12 00:09 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\SUPERAntiSpyware.com
    2013-09-12 00:09 - 2013-09-12 00:09 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2013-09-12 00:09 - 2013-09-12 00:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-09-12 00:06 - 2013-09-12 00:05 - 27540744 _____ (SUPERAntiSpyware) C:\Users\Andreas\Desktop\SUPERAntiSpyware.exe
    2013-09-11 23:55 - 2013-09-11 23:54 - 01037278 _____ C:\Users\Andreas\Desktop\AdwCleaner.exe
    2013-09-11 23:49 - 2013-09-11 23:49 - 00891144 _____ C:\Users\Andreas\Desktop\SecurityCheck.exe
    2013-09-11 22:39 - 2013-05-06 20:44 - 00000000 ____D C:\Users\Andreas\Documents\Cubase Projects
    2013-09-11 22:11 - 2010-11-21 05:47 - 00339948 _____ C:\Windows\PFRO.log
    2013-09-11 22:11 - 2009-07-14 06:45 - 00289136 _____ C:\Windows\system32\FNTCACHE.DAT
    2013-09-11 21:36 - 2013-05-28 21:28 - 00000000 ____D C:\Program Files (x86)\Vstplugins
    2013-09-11 21:31 - 2013-09-11 21:31 - 00000000 __HDC C:\ProgramData\{B57BCE68-0C0F-48CE-98DB-5E6BF5A4FAE8}
    2013-09-11 21:31 - 2013-05-06 21:14 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\vlc
    2013-09-11 20:41 - 2013-05-06 17:36 - 00063952 _____ C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-09-11 20:06 - 2013-09-11 20:06 - 00000000 ____D C:\ProgramData\Cakewalk
    2013-09-11 20:06 - 2013-09-11 20:06 - 00000000 ____D C:\Program Files\Cakewalk
    2013-09-11 16:39 - 2013-05-09 15:17 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Spotify
    2013-09-11 16:24 - 2013-05-09 15:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\Spotify
    2013-09-11 16:03 - 2013-09-11 16:03 - 00000000 ____D C:\Windows\ERUNT
    2013-09-11 16:02 - 2013-09-11 16:02 - 00005680 _____ C:\sc-cleaner.txt
    2013-09-11 15:41 - 2013-05-09 14:29 - 00000000 ____D C:\Windows\system32\appmgmt
    2013-09-11 15:38 - 2013-05-06 17:08 - 00000000 ____D C:\Users\Andreas
    2013-09-11 15:24 - 2013-09-09 14:06 - 00000000 ____D C:\ProgramData\DSearchLink
    2013-09-11 15:17 - 2013-09-11 15:17 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-09-11 15:17 - 2013-09-11 15:17 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Malwarebytes
    2013-09-11 15:17 - 2013-09-11 15:17 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-09-11 15:17 - 2013-09-11 15:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-09-11 15:16 - 2013-09-11 15:02 - 00000000 ____D C:\Windows\037F8C0EE8E1408FABB4FC4ABF947E1B.TMP
    2013-09-11 15:03 - 2013-09-11 15:03 - 00000000 _____ C:\autoexec.bat
    2013-09-11 15:02 - 2013-09-11 15:02 - 00000000 ____D C:\Program Files\Enigma Software Group
    2013-09-11 13:36 - 2013-05-06 21:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-09-11 13:36 - 2013-05-06 21:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-09-11 13:36 - 2013-05-06 21:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2013-09-11 13:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-09-11 00:37 - 2013-09-07 19:36 - 00000000 ____D C:\Program Files (x86)\Waves
    2013-09-11 00:18 - 2013-09-11 00:18 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Waves
    2013-09-11 00:04 - 2013-09-11 00:04 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Absynth 4
    2013-09-11 00:04 - 2013-05-27 18:36 - 00000000 ____D C:\Users\Andreas\Documents\Native Instruments
    2013-09-11 00:04 - 2013-05-27 18:36 - 00000000 ____D C:\Users\Andreas\AppData\Local\Native Instruments
    2013-09-11 00:03 - 2013-06-10 00:44 - 00000000 ____D C:\Program Files (x86)\Native Instruments
    2013-09-10 23:59 - 2013-09-10 23:59 - 00001219 _____ C:\Users\UpdatusUser\Desktop\Reaktor 5.lnk
    2013-09-10 23:59 - 2013-09-10 23:59 - 00001219 _____ C:\Users\Andreas\Desktop\Reaktor 5.lnk
    2013-09-10 23:59 - 2013-09-10 23:59 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Reaktor 5
    2013-09-10 23:57 - 2013-09-10 23:57 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DigiDesign
    2013-09-10 23:57 - 2013-05-29 22:42 - 00000000 ____D C:\Program Files (x86)\Digidesign
    2013-09-10 23:08 - 2013-05-09 14:44 - 00000000 ____D C:\Program Files\EastWest
    2013-09-10 22:44 - 2013-09-10 22:44 - 00063176 _____ C:\Users\Andreas\AppData\Roaming\GDIPFONTCACHEV1.DAT
    2013-09-10 22:29 - 2013-09-10 22:29 - 00000000 ____D C:\Program Files\Adblock Plus for IE
    2013-09-10 22:29 - 2013-09-07 20:43 - 00000000 ____D C:\ProgramData\Package Cache
    2013-09-10 22:06 - 2013-05-06 17:36 - 00000000 ____D C:\Program Files (x86)\Google
    2013-09-10 22:05 - 2013-09-10 22:05 - 00003992 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2013-09-10 22:05 - 2013-09-10 22:05 - 00003740 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2013-09-10 22:05 - 2013-05-06 17:36 - 00000000 ____D C:\Users\Andreas\AppData\Local\Deployment
    2013-09-10 21:34 - 2013-05-26 17:47 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Apple Computer
    2013-09-10 21:34 - 2013-05-26 17:47 - 00000000 ____D C:\Users\Andreas\AppData\Local\Apple Computer
    2013-09-10 21:28 - 2013-09-10 21:28 - 00262224 _____ C:\Windows\Minidump\091013-5803-01.dmp
    2013-09-10 21:28 - 2013-09-10 21:28 - 00000000 ____D C:\Windows\Minidump
    2013-09-10 11:11 - 2013-09-10 11:11 - 07912320 _____ C:\Users\Andreas\Downloads\[No subject].zip
    2013-09-10 11:09 - 2013-09-10 11:09 - 12930429 _____ C:\Users\Andreas\Downloads\Outlook.zip
    2013-09-09 23:42 - 2013-09-09 23:42 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Glitch2
    2013-09-09 23:38 - 2013-09-09 23:38 - 08002755 _____ C:\Users\Andreas\Downloads\Glitch2_Demo_Windows.zip
    2013-09-09 16:04 - 2013-09-09 16:04 - 01376768 _____ C:\Users\Andreas\Downloads\7z920-x64 (2).msi
    2013-09-09 16:03 - 2013-09-09 16:03 - 01376768 _____ C:\Users\Andreas\Downloads\7z920-x64 (1).msi
    2013-09-09 16:01 - 2013-09-09 16:01 - 00009347 _____ C:\Users\Andreas\Documents\Uninstall STAR WARS The Old Republic.log
    2013-09-09 15:11 - 2013-05-06 18:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2013-09-09 15:01 - 2013-09-09 15:01 - 00008450 _____ C:\Users\Andreas\Downloads\[isoHunt] Cubase 7 Crack [YIFY] (1).torrent
    2013-09-09 14:52 - 2013-09-09 14:52 - 00400465 _____ C:\Users\Andreas\Downloads\inbjudan och scen.zip
    2013-09-09 14:17 - 2013-09-09 14:04 - 00000000 ____D C:\Users\Andreas\AppData\Local\DProtect
    2013-09-09 14:15 - 2013-05-19 18:37 - 00000000 ____D C:\ProgramData\Ubisoft
    2013-09-09 14:07 - 2013-09-09 14:07 - 00000000 ____D C:\Users\Andreas\AppData\Local\avgchrome
    2013-09-09 14:05 - 2013-09-09 14:05 - 00000000 ____D C:\ProgramData\Registry Helper
    2013-09-08 18:43 - 2013-05-06 20:32 - 00000000 ____D C:\Program Files\Common Files\VST3
    2013-09-08 13:30 - 2013-05-06 17:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-09-07 21:11 - 2013-09-07 21:11 - 00001129 _____ C:\Users\Andreas\Downloads\[isoHunt] 4814113.torrent
    2013-09-07 20:42 - 2013-06-19 01:52 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Waves Audio
    2013-09-07 20:41 - 2013-09-07 20:40 - 02766872 _____ (Acresso Software Inc.) C:\Users\Andreas\Downloads\woli (1).exe
    2013-09-07 20:22 - 2013-09-07 20:22 - 00000000 ____D C:\ProgramData\Audio Damage
    2013-09-07 20:03 - 2013-09-07 20:03 - 00007341 _____ C:\Users\Andreas\Downloads\[isoHunt] Audio.Damage.Axon.Ver.1.1.and.Discord.3.Ver.1.1.OSX.WIN.AU.VST.torrent
    2013-09-07 19:27 - 2013-09-07 19:27 - 00001109 _____ C:\Users\Andreas\Downloads\[isoHunt] 4814056.torrent
    2013-09-07 19:18 - 2013-09-07 19:18 - 00011774 _____ C:\Users\Andreas\Downloads\[isoHunt] Waves Diamond Bundle v5.2.zip.torrent
    2013-09-07 19:15 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-09-07 19:15 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-09-07 19:13 - 2013-09-07 19:13 - 00008450 _____ C:\Users\Andreas\Downloads\[isoHunt] Cubase 7 Crack [YIFY].torrent
    2013-09-06 04:38 - 2013-09-06 04:38 - 00389120 _____ (SafeApp Software, LLC) C:\Windows\SysWOW64\RegistryHelperLM.ocx
    2013-08-25 23:50 - 2013-05-06 20:32 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Steinberg
    2013-08-25 23:49 - 2013-08-25 23:49 - 00000000 ____D C:\Users\Andreas\AppData\Local\Steinberg
    2013-08-24 23:21 - 2013-07-20 23:25 - 00004737 _____ C:\Users\Andreas\Documents\TombRaider.log
    2013-08-24 01:42 - 2013-08-24 01:42 - 00076898 _____ C:\Users\Andreas\Downloads\EWQL_Symphonic_Orchestra_v1.0.zip
    2013-08-24 00:51 - 2013-08-24 00:51 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
    2013-08-24 00:50 - 2013-08-24 00:50 - 00000000 ____D C:\Windows\SysWOW64\NV
    2013-08-24 00:50 - 2013-08-24 00:50 - 00000000 ____D C:\Windows\system32\NV
    2013-08-23 16:43 - 2013-08-23 16:43 - 01886624 _____ C:\Users\Andreas\Downloads\Bild 2.zip
    2013-08-21 15:16 - 2013-08-20 23:47 - 00000000 ____D C:\Users\Andreas\Audio
    2013-08-21 15:12 - 2013-08-21 15:12 - 00000000 ____D C:\Users\Andreas\Images
    2013-08-20 15:33 - 2013-09-09 15:11 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2013-08-20 15:32 - 2013-09-09 15:11 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2013-08-20 15:32 - 2013-08-11 15:09 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2013-08-20 00:20 - 2013-08-20 00:20 - 00000000 ____D C:\Program Files (x86)\EastWest
    2013-08-20 00:20 - 2013-05-09 14:44 - 00000000 ____D C:\ProgramData\East West
    2013-08-19 22:31 - 2013-08-19 22:24 - 497555153 _____ C:\Users\Andreas\Downloads\Play_Update_4.0.12_64_bit.zip
    2013-08-19 15:31 - 2013-08-19 15:31 - 00001450 _____ C:\Users\Public\Desktop\iTunes.lnk
    2013-08-19 15:31 - 2013-08-19 15:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-08-19 15:31 - 2013-08-19 15:30 - 00000000 ____D C:\Program Files\iTunes
    2013-08-19 15:30 - 2013-08-19 15:30 - 00000000 ____D C:\Program Files\iPod
    2013-08-19 00:32 - 2013-06-20 00:06 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2013-08-18 23:02 - 2013-08-24 00:49 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 22101792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 13627696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 11271968 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2013-08-18 23:02 - 2013-08-24 00:49 - 09281032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 07720576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 07648000 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 06329552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 02970400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 02789152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 02007328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 02007328 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432680.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432680.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 00681760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 00603424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 00586016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 00515360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 00458528 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 00388384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
    2013-08-18 23:02 - 2013-08-24 00:49 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
    2013-08-18 23:02 - 2013-05-25 00:31 - 01222824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2013-08-18 23:02 - 2013-05-25 00:31 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2013-08-18 23:02 - 2013-05-25 00:31 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2013-08-18 23:02 - 2013-05-06 18:01 - 15900936 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2013-08-18 23:02 - 2013-05-06 18:01 - 15703176 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2013-08-18 23:02 - 2013-05-06 18:01 - 12946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2013-08-18 23:02 - 2013-05-06 18:01 - 02986672 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2013-08-18 23:02 - 2013-05-06 18:01 - 02630304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2013-08-18 23:02 - 2013-05-06 18:01 - 01412832 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2013-08-18 23:02 - 2013-05-06 18:01 - 00022581 _____ C:\Windows\system32\nvinfo.pb
    2013-08-18 21:34 - 2013-05-06 18:01 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2013-08-18 21:34 - 2013-05-06 18:01 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2013-08-18 21:34 - 2013-05-06 18:01 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2013-08-18 21:34 - 2013-05-06 18:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2013-08-18 21:34 - 2013-05-06 18:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2013-08-18 20:23 - 2013-08-18 20:23 - 00000940 _____ C:\Users\Public\Desktop\Free MP4 Video Converter.lnk
    2013-08-18 20:23 - 2013-08-18 20:21 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\DVDVideoSoft
    2013-08-18 20:21 - 2013-08-18 20:21 - 01204608 _____ (DVDVideoSoft Ltd. ) C:\Users\Andreas\Downloads\FreeMP4VideoConverter.exe
    2013-08-18 20:21 - 2013-08-18 20:21 - 01204608 _____ (DVDVideoSoft Ltd. ) C:\Users\Andreas\Downloads\FreeMP4VideoConverter (1).exe
    2013-08-18 20:15 - 2013-06-20 07:59 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\dvdcss
    2013-08-18 18:30 - 2013-06-17 19:52 - 00000000 ___RD C:\Program Files (x86)\Skype
    2013-08-18 17:59 - 2013-08-18 17:58 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Ample Sound
    2013-08-18 17:56 - 2013-08-18 16:53 - 228607849 _____ C:\Users\Andreas\Downloads\AGML_1_1_0_Installer.rar
    2013-08-18 16:41 - 2013-08-18 16:41 - 11835335 _____ C:\Users\Andreas\Downloads\DSK_Asian_DreamZ.zip
    2013-08-18 15:00 - 2013-06-17 19:52 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Skype
    2013-08-18 14:58 - 2013-08-18 14:58 - 00571168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2013-08-18 14:43 - 2013-08-18 14:43 - 00003686 _____ C:\Windows\System32\Tasks\{A6250E4F-4EA9-4442-8799-6D551EF03431}
    2013-08-18 14:42 - 2013-08-18 14:42 - 00000000 ____D C:\ProgramData\Big Fish Audio
    2013-08-17 07:30 - 2013-05-06 18:01 - 03319709 _____ C:\Windows\system32\nvcoproc.bin
    2013-08-17 00:30 - 2013-08-17 00:29 - 18241765 _____ C:\Users\Andreas\Downloads\IxoxFlute_v0.2.zip
    2013-08-16 12:32 - 2013-08-16 12:32 - 02377467 _____ C:\Users\Andreas\Downloads\Gothia Concentus -noter.zip
    2013-08-16 11:49 - 2013-06-17 19:52 - 00000000 ____D C:\ProgramData\Skype
    2013-08-15 23:58 - 2013-08-15 23:58 - 00034872 _____ C:\Users\Andreas\Downloads\[isoHunt] download (3).torrent
    2013-08-15 23:57 - 2013-08-15 23:57 - 00035667 _____ C:\Users\Andreas\Downloads\[isoHunt] Star.Trek.Into.Darkness.2013.TS.XVID.AC3.HQ.Hive-CM8.torrent
    2013-08-15 23:02 - 2013-08-15 23:02 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
    2013-08-15 23:02 - 2013-08-15 23:01 - 10231662 _____ (The qBittorrent project) C:\Users\Andreas\Downloads\qbittorrent_3.0.11_setup (1).exe
    2013-08-15 23:02 - 2013-05-06 19:13 - 00000000 ____D C:\Program Files (x86)\qBittorrent
    2013-08-15 23:01 - 2013-08-15 23:01 - 00028522 _____ C:\Users\Andreas\Downloads\[isoHunt] After.Earth.2013.CAM.XVID-Snake.torrent
    2013-08-15 16:28 - 2013-08-15 16:27 - 10231662 _____ (The qBittorrent project) C:\Users\Andreas\Downloads\qbittorrent_3.0.11_setup.exe
    2013-08-15 16:27 - 2013-08-15 16:26 - 00215808 _____ C:\Users\Andreas\Downloads\[isoHunt] 912D0F80B375984560CCB2D4103FB79C5F7729F5.torrent
    Files to move or delete:
    ====================
    C:\Users\Andreas\AppData\Local\Temp\1_Offer_6.exe
    C:\Users\Andreas\AppData\Local\Temp\98631uninstall.exe
    C:\Users\Andreas\AppData\Local\Temp\H20.exe
    C:\Users\Andreas\AppData\Local\Temp\OptimizerPro.exe
    C:\Users\Andreas\AppData\Local\Temp\PlaySound.dll
    C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
    C:\Users\Andreas\AppData\Local\Temp\SevenZip-Installer.exe
    C:\Users\Andreas\AppData\Local\Temp\SHSetup.exe
    C:\Users\Andreas\AppData\Local\Temp\Sqlite3.dll
    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2013-09-11 21:58
    ==================== End Of Log ============================
     
  5. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    And here's the Additional log:

    ----------------------------------------

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013 02
    Ran by Andreas at 2013-09-12 19:54:37
    Running from C:\Users\Andreas\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Installed Programs =======================
    7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
    Adblock Plus for IE (32-bit and 64-bit) (Version: 1.0)
    Adblock Plus for IE (x32 Version: 1.0)
    Addictive Drums (x32)
    Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.168)
    Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
    Adobe Reader XI (11.0.04) - Svenska (x32 Version: 11.0.04)
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (x32 Version: 2.1.3.127)
    Apple-programstöd (x32 Version: 2.3.4)
    Assassin's Creed II (x32)
    Assassin's Creed(R) III v1.05 (x32 Version: 1.05)
    ASUS USB-N13 WLAN Card Utilities & Driver (x32 Version: 1.0.0.7)
    AudioConverter (x32)
    BankID säkerhetsprogram (x32 Version: 4.19.3)
    Bioshock Infinite (x32)
    Bonjour (Version: 3.0.0.10)
    BOSS (x32 Version: 2.1.1)
    Cinesamples Drums of War 2 (x32)
    Cisco EAP-FAST Module (x32 Version: 2.2.14)
    Cisco LEAP Module (x32 Version: 1.0.19)
    Cisco PEAP Module (x32 Version: 1.1.6)
    Company of Heroes 2 (x32)
    DAEMON Tools Lite (x32 Version: 4.47.1.0333)
    diamondata 3.0.0 (Version: 3.0.0)
    DigiDesign Focusrite D3 AudioSuite 1.51.345 (x32)
    DProtect (x32)
    Dropbox (HKCU Version: 2.0.22)
    East West Ra (x32)
    East West Stormdrum Kompakt (x32)
    East West Symphonic Choirs (x32)
    eLicenser Control (x32)
    EWQL Orchestra 24 Bit Platinum (Version: 1.0.083)
    Free MP4 Video Converter version 5.0.28.812 (x32 Version: 5.0.28.812)
    GeForce Experience NvStream Client Components (Version: 0.1.87)
    Google Chrome (x32 Version: 29.0.1547.66)
    Google Update Helper (x32 Version: 1.3.21.153)
    Grand Theft Auto IV (HKCU)
    Guitar Pro 5.2 (x32)
    Half-Life 2 (x32)
    Half-Life 2: Lost Coast (x32)
    Handelsbanken kortläsare (x32 Version: 1.00.0000)
    iCloud (Version: 2.1.2.8)
    Intel(R) Processor Graphics (x32 Version: 9.17.10.2932)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.5.235)
    iTunes (Version: 11.0.5.5)
    Kontakt Designer Volume 1 - Metallurgy (x32)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
    Mass Effect 2 (x32)
    Max Payne 3 (x32)
    Metro: Last Light (c) Deep Silver version 1 (x32 Version: 1)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
    Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
    Microsoft Office XP Standard (x32 Version: 10.0.6626.0)
    Microsoft Security Client (Version: 4.3.0215.0)
    Microsoft Security Essentials (Version: 4.3.215.0)
    Microsoft Silverlight (Version: 5.1.20513.0)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106)
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106)
    N.I. Reaktor v5.1.1 (x32 Version: 5.1.1)
    Native Instruments Absynth 4 (x32)
    Native Instruments Battery 4 (Version: 4.0.1.2234)
    Native Instruments Battery 4 (x32 Version: 4.0.1.2234)
    Native Instruments Controller Editor (Version: 1.5.1.1124)
    Native Instruments Controller Editor (x32)
    Native Instruments Damage (Version: 1.0.0.003)
    Native Instruments Damage (x32)
    Native Instruments Electric Vice (Version: 1.0.0.002)
    Native Instruments Electric Vice (x32)
    Native Instruments Guitar Rig 5 (Version: 5.1.1.2673)
    Native Instruments Guitar Rig 5 (x32)
    Native Instruments Guitar Rig Mobile I/O (Version: 3.0.0.625)
    Native Instruments Guitar Rig Mobile I/O (x32)
    Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625)
    Native Instruments Guitar Rig Session I/O (x32)
    Native Instruments Kontakt 5 (Version: 5.1.0.6066)
    Native Instruments Kontakt 5 (x32)
    Native Instruments Massive v1.0.1.008 VSTi DXi RTAS (x32)
    Native Instruments Monark (Version: 1.0.0.001)
    Native Instruments Monark (x32)
    Native Instruments Rig Kontrol 3 (Version: 3.0.0.625)
    Native Instruments Rig Kontrol 3 (x32)
    Native Instruments Service Center (Version: 2.3.2.926)
    Native Instruments Service Center (x32)
    Native Instruments Vienna Concert Grand (Version: 1.0.0.002)
    Native Instruments Vienna Concert Grand (x32)
    Native Instruments Xpress Keyboards (x32)
    NETGEAR USB Control Center (x32 Version: 1.11)
    Nexus Mod Manager (Version: 0.44.15)
    NVIDIA 3D Vision Controller Driver 326.80 (Version: 326.80)
    NVIDIA 3D Vision Driver 326.80 (Version: 326.80)
    NVIDIA Control Panel 326.80 (Version: 326.80)
    NVIDIA GeForce Experience 1.6.1 (Version: 1.6.1)
    NVIDIA Graphics Driver 326.80 (Version: 326.80)
    NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
    NVIDIA Install Application (Version: 2.1002.133.902)
    NVIDIA PhysX (x32 Version: 9.13.0725)
    NVIDIA PhysX System Software 9.13.0725 (Version: 9.13.0725)
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2680)
    NVIDIA Update 8.3.14 (Version: 8.3.14)
    NVIDIA Update Components (Version: 8.3.14)
    NVIDIA Virtual Audio 1.2.5 (Version: 1.2.5)
    Play Update 3.0.47 (Version: 3.0.47)
    PunkBuster Services (x32 Version: 0.991)
    qBittorrent 3.0.11 (x32 Version: 3.0.11)
    QUAD-CAPTURE Driver
    QuickTime (x32 Version: 7.74.80.86)
    RCRN - Realistic Colors and Real Nights v3.6 (x32)
    Realtek Ethernet Controller Driver (x32 Version: 7.65.1025.2012)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6767)
    rgc:audio z3ta+ 1.5 (x64) (Version: 1.5)
    Rockstar Games Social Club (x32 Version: 1.1.0.6)
    SHIELD Streaming (Version: 1.05.28)
    Skype Click to Call (x32 Version: 6.11.13348)
    Skype™ 6.6 (x32 Version: 6.6.106)
    Spotify (HKCU Version: 0.9.1.57.ge7405149)
    Steam (x32 Version: 1.0.0.0)
    Steinberg Cubase 5 (x32 Version: 5.1.0)
    Steinberg Cubase 7 64bit (Version: 7.0.5)
    Steinberg Drum Loop Expansion 01 (x32 Version: 2.0.0.0)
    Steinberg Eucon Adapter 6.5 64bit (Version: 6.5.1)
    Steinberg Groove Agent ONE Allen Morgan Signature Drums (x32 Version: 1.0.0)
    Steinberg Groove Agent ONE Content (x32 Version: 1.0.0.003)
    Steinberg Groove Agent ONE Vintage Beatboxes (x32 Version: 1.0.0.000)
    Steinberg HALion Sonic SE 64bit (Version: 1.6.3)
    Steinberg HALion Sonic SE Content (x32 Version: 1.6.1)
    Steinberg HALionOne (x32 Version: 1.1.0.457)
    Steinberg HALionOne Expression Set (x32 Version: 1.0.1.0)
    Steinberg HALionOne GM Drum Set (x32 Version: 1.0.1.457)
    Steinberg HALionOne GM Set (x32 Version: 1.0.1.457)
    Steinberg HALionOne Pro Set (x32 Version: 1.0.1.457)
    Steinberg HALionOne Studio Drum Set (x32 Version: 1.0.1.457)
    Steinberg HALionOne Studio Set (x32 Version: 1.0.1.457)
    Steinberg LoopMash Content (x32 Version: 2.0.0.000)
    Steinberg LoopMash Content 2 (x32 Version: 1.0.0.000)
    Steinberg Midi Loop Library (x32 Version: 1.0.0)
    Steinberg Padshop 64bit (Version: 1.1.0)
    Steinberg Retrologue 64bit (Version: 1.1.0)
    Steinberg REVerence Content 01 (x32 Version: 2.0.1.000)
    Steinberg Upload Manager (x32 Version: 1.0.1)
    Steinberg VST Amp Rack Content 01 (x32 Version: 1.0.1)
    SUPERAntiSpyware (Version: 5.6.1032)
    The Elder Scrolls V: Skyrim (x32)
    The Walking Dead.Gold Edition (x32 Version: The Walking Dead.Gold Edition)
    Total War: SHOGUN 2 (x32)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
    Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
    Uplay (x32 Version: 2.1)
    Waves Diamond Bundle 4.05 (x32)
    Waves Musicians Bundle v5.0 (x32)
    Waves Renaissance Collection 2 3.5 (x32)
    Waves SSL Collection v1.2 (x32)
    Waves Vocal Bundle v1.1 (x32)
    Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
    WinRAR 4.20 (64-bit) (Version: 4.20.0)
    VLC media player 2.0.8 (x32 Version: 2.0.8)
    ==================== Restore Points =========================
    08-09-2013 11:30:28 Removed Waves Complete V9r13
    09-09-2013 12:15:05 Borttagen Tom Clancy's Splinter Cell Conviction
    10-09-2013 16:38:05 Windows Update
    10-09-2013 20:28:56 Adblock Plus for IE
    11-09-2013 13:02:39 Installed SpyHunter
    11-09-2013 13:15:37 Removed SpyHunter
    ==================== Hosts content: ==========================
    2009-07-14 04:34 - 2013-05-27 20:31 - 00000418 ____N C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 http://virscan.com
    127.0.0.1 http://virusscan.jotti.org/
    127.0.0.1 virusscan.jotti.org/
    127.0.0.1 www.virusscan.jotti.org/
    127.0.0.1 scanner.novirusthanks.org/
    127.0.0.1 http://scanner.novirusthanks.org/
    127.0.0.1 www.scanner.novirusthanks.org/
    ==================== Scheduled Tasks (whitelisted) =============
    Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
    Task: {046E26A7-4069-49A2-B8DF-8883B552EF12} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
    Task: {2112FA30-2927-4F9F-BB36-5073BFCEADDA} - System32\Tasks\{D96E26C6-A291-4179-A2F0-9AE7ECCCC012} => D:\Spel\SteamApps\common\Assassin's Creed 2\AssassinsCreedIIGame.exe [2013-05-19] ()
    Task: {21ADFEEE-F1A4-4A9B-B811-BBB6FE2AC5E5} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
    Task: {43716F4E-CC1F-48F4-82AB-D078E67061FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
    Task: {7224936C-B9A0-409A-AE45-40D34E1FD738} - System32\Tasks\{B1B3C8E7-9C61-4078-8919-173C0241188C} => C:\Windows\System32\msiexec.exe [2010-11-21] (Microsoft Corporation)
    Task: {824217C9-6458-4C54-ABC2-9885330C2939} - \BrowserDefendert No Task File
    Task: {8C6C1ADF-1727-4D15-8D4C-E8296FFD0B5F} - System32\Tasks\{E73EC5B8-42D8-459A-A007-6762F600FE08} => C:\Windows\System32\msiexec.exe [2010-11-21] (Microsoft Corporation)
    Task: {941C33E8-A4FE-49DE-ABDC-D77A0CEE2ED6} - System32\Tasks\{B9B5F397-FB17-4707-8DA1-5E49DBA3E235} => D:\Spel\SteamApps\common\Assassin's Creed 2\AssassinsCreedIIGame.exe [2013-05-19] ()
    Task: {AF96A84F-2173-4339-909F-770BB5110268} - System32\Tasks\{8D3611FC-8DDB-408D-9A8F-085FA81B3726} => C:\Windows\System32\msiexec.exe [2010-11-21] (Microsoft Corporation)
    Task: {B47FAC9A-AC90-4606-86E7-CF0F0E1B832E} - \EPUpdater No Task File
    Task: {B70E19C7-175E-4ED8-9459-AFC557450036} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
    Task: {C5D9CB87-5131-40D9-A9DF-58C32B56F634} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2a1c52e5-debe-46ae-a8f3-bb926b2c3236 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
    Task: {D9604A07-5F51-46FA-A6BC-14CB9FA978A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {E1F8AC3D-4C65-481C-B608-09278C8D4365} - System32\Tasks\SUPERAntiSpyware Scheduled Task 765ddd47-7860-490e-974f-4944e3312867 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-05-23] (SUPERAdBlocker.com)
    Task: {ED1BDE69-214B-42D5-8CCA-3B2BB7506040} - \Dealply No Task File
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2a1c52e5-debe-46ae-a8f3-bb926b2c3236.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 765ddd47-7860-490e-974f-4944e3312867.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    ==================== Loaded Modules (whitelisted) =============
    2013-05-25 00:31 - 2013-08-18 23:02 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2013-05-06 18:01 - 2013-08-18 23:02 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
    2013-05-06 18:01 - 2013-08-18 23:02 - 01412832 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2013-05-06 18:01 - 2013-08-18 23:02 - 15900936 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2012-12-14 02:42 - 2012-12-14 02:42 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrSVE.lrc
    2012-11-12 13:34 - 2013-05-06 18:03 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2013-05-06 18:01 - 2013-08-18 23:02 - 15703176 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2013-05-25 02:36 - 2013-05-25 02:36 - 00164016 _____ (Dropbox, Inc.) C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    2013-05-18 16:36 - 2013-04-13 07:49 - 00308736 _____ (Microsoft Corporation) C:\Windows\AppPatch\AppPatch64\AcGenral.DLL
    2013-05-06 20:31 - 2012-12-07 16:48 - 01714176 _____ (Steinberg Media Technologies GmbH) C:\Windows\system32\SYNSOACC.DLL
    2013-02-22 08:51 - 2013-02-22 08:51 - 01772544 _____ (Steinberg Media Technologies GmbH) C:\Program Files\Common Files\Steinberg\Shared Components\euconadapter65.dll
    2012-11-02 20:27 - 2012-11-02 20:27 - 01625088 _____ (Steinberg Media Technologies) C:\Program Files\Steinberg\Cubase 7\Components\omffilter.dll
    2012-11-08 17:23 - 2012-11-08 17:23 - 00659456 _____ (Steinberg Media Technologies) C:\Program Files\Steinberg\Cubase 7\Components\VSTPlugManager.dll
    2013-02-27 14:12 - 2013-02-27 14:12 - 00582144 _____ (Steinberg Media Technologies GmbH) C:\Program Files\Steinberg\Cubase 7\Components\Baios.dll
    2013-06-03 13:44 - 2013-06-03 13:44 - 02997760 _____ (Steinberg Media Technologies) C:\Program Files\Steinberg\Cubase 7\Components\videoengine.dll
    2013-05-27 21:46 - 2011-02-18 15:10 - 00138240 _____ (Roland Corporation) C:\Windows\system32\Rdas1117.dll
    2012-11-26 12:12 - 2012-11-26 12:12 - 02181120 _____ (Propellerhead Software AB) C:\Program Files\Common Files\Propellerhead Software\ReWire\ReWire.dll
    2012-12-03 16:09 - 2012-12-03 16:09 - 00388608 _____ (Steinberg Media Technologies) C:\Program Files\Steinberg\Cubase 7\Components\hubservice.dll
    2013-06-13 11:45 - 2013-06-13 11:45 - 00053760 _____ (Steinberg Media Technologies GmbH) C:\Program Files\Steinberg\Cubase 7\Components\exceptiondumper.dll
    2013-08-24 00:49 - 2013-08-18 23:02 - 29337376 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.DLL
    2013-05-31 15:14 - 2013-05-31 15:14 - 15564288 _____ (Steinberg Media Technologies) C:\Program Files\Steinberg\Cubase 7\VST3\Cubase Plug-in Set.vst3
    2013-02-14 15:49 - 2013-02-14 15:49 - 01710592 _____ (Steinberg) C:\Program Files\Steinberg\Cubase 7\VST3\surroundpanner.vst3
    2013-05-26 17:32 - 2010-06-29 15:22 - 01367040 _____ (Hewlett-Packard ) C:\Windows\system32\spool\DRIVERS\x64\3\HP1006U.DLL
    2013-05-26 17:32 - 2010-06-29 15:22 - 00077824 _____ (Hewlett-Packard ) C:\Windows\system32\spool\DRIVERS\x64\3\HP1006L.DLL
    2013-05-26 17:32 - 2010-06-29 15:22 - 00290816 _____ (Hewlett-Packard ) C:\Windows\system32\spool\DRIVERS\x64\3\HP1006C.DLL
    2012-11-30 17:54 - 2012-11-30 17:54 - 44222976 _____ (Steinberg Media Technologies) C:\Program Files\Common Files\Steinberg\Shared Components\HALion Sonic SE\HALion Sonic SE.dll
    2013-05-27 18:37 - 2012-12-19 17:00 - 40186232 _____ (Native Instruments GmbH) C:\Program Files\Steinberg\Vstplugins\Kontakt 5.dll
    2013-03-31 17:00 - 2013-03-31 17:00 - 00318464 _____ (Propellerhead Software AB) C:\Program Files\Common Files\Native Instruments\Helper\REX Shared Library 64.dll
    2012-12-19 17:00 - 2012-12-19 17:00 - 04125184 _____ (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Kontakt 5\kconvert64.dll
    2013-05-25 02:44 - 2013-04-17 12:45 - 16858051 _____ (East West) C:\Program Files\Steinberg\Vstplugins\play_VST_x64.dll
    2013-04-17 11:38 - 2013-04-17 11:38 - 02294784 _____ (East West) C:\ProgramData\East West\playgui\playgui_x64.dll
    2011-03-09 15:45 - 2011-03-09 15:45 - 03331584 _____ () C:\ProgramData\East West\playgui\QtCore_x64_4.dll
    2011-03-09 15:55 - 2011-03-09 15:55 - 11862528 _____ () C:\ProgramData\East West\playgui\QtGui_x64_4.dll
    2011-03-09 15:46 - 2011-03-09 15:46 - 01217024 _____ () C:\ProgramData\East West\playgui\QtNetwork_x64_4.dll
    2013-06-12 15:50 - 2012-11-27 17:00 - 77175160 _____ (Native Instruments GmbH) C:\Program Files\Steinberg\Vstplugins\Guitar Rig 5.dll
    2013-09-09 14:04 - 2013-09-09 14:04 - 00506944 _____ () C:\Users\Andreas\AppData\Local\DProtect\eBP.dll
    2013-09-09 14:04 - 2013-09-09 14:04 - 00062016 _____ () C:\Users\Andreas\AppData\Local\DProtect\eBPSD.dll
    2013-04-21 21:44 - 2013-04-21 21:44 - 00053648 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
    2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-11-15 13:07 - 2012-11-15 13:07 - 00794560 _____ (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\tokenapi.dll
    2012-11-15 13:12 - 2012-11-15 13:12 - 00481216 _____ (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\branding.dll
    2012-11-15 13:12 - 2012-11-15 13:12 - 00083904 _____ (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\br_enu.dll
    2012-11-15 13:11 - 2012-11-15 13:11 - 00723904 _____ (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\lng_dan.dll
    2012-11-15 13:12 - 2012-11-15 13:12 - 00725440 _____ (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\lng_fin.dll
    2012-11-15 13:11 - 2012-11-15 13:11 - 00104896 _____ (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\lng_frfr.dll
    2012-11-15 13:12 - 2012-11-15 13:12 - 00731584 _____ (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\lng_nlnl.dll
    2012-11-15 13:12 - 2012-11-15 13:12 - 00721344 _____ (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\lng_nor.dll
    2012-11-15 13:12 - 2012-11-15 13:12 - 00102848 _____ (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\lng_plpl.dll
    2012-11-15 13:11 - 2012-11-15 13:11 - 00103360 _____ (Technology Nexus AB) C:\Program Files (x86)\Personal\bin\lng_svse.dll
    2012-11-14 01:32 - 2012-11-14 01:32 - 03558400 _____ (wxWidgets development team) C:\Users\Andreas\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
    2013-03-13 22:48 - 2013-03-13 22:48 - 24978944 _____ () C:\Users\Andreas\AppData\Roaming\Dropbox\bin\libcef.dll
    2013-03-13 22:48 - 2013-03-13 22:48 - 09956864 _____ (The ICU Project) C:\Users\Andreas\AppData\Roaming\Dropbox\bin\icudt.dll
    2010-11-21 05:25 - 2010-11-21 05:25 - 00051200 _____ (Twain Working Group) C:\Windows\twain_32.dll
    2013-08-16 09:07 - 2013-08-16 09:07 - 00148808 _____ (Apple Inc.) D:\iTunes\iTunesHelper.dll
    2013-08-16 09:17 - 2013-08-16 09:17 - 00041800 _____ (Apple Inc.) D:\iTunes\iTunesHelper.Resources\sv.lproj\iTunesHelperLocalized.DLL
    2013-08-16 09:07 - 2013-08-16 09:07 - 00040264 _____ (Apple Inc.) D:\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
    2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
    2013-05-06 20:31 - 2012-10-25 17:30 - 01503232 _____ (Steinberg Media Technologies GmbH) C:\Program Files (x86)\eLicenser\POS\SynsoSeL.dll
    2013-09-09 16:50 - 2004-10-11 15:57 - 04833280 _____ (Native Instruments Software Synthesis GmbH) C:\Program Files\Steinberg\Cubase 7\VSTPlugIns\Pro-53XpressVST.dll
    2013-06-10 00:46 - 2004-10-08 17:13 - 00696320 _____ (Native Instruments GmbH) C:\Program Files (x86)\Native Instruments\Pro-53 Xpress\Presets\Pro-53.DLL
    2013-08-13 16:54 - 2013-08-13 16:54 - 00441608 _____ (Adblock Plus) C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
    2013-09-11 00:36 - 2013-09-11 00:36 - 16242568 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_168.ocx
    ==================== Alternate Data Streams (whitelisted) ==========
    AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:e9vwLAy8RuMToojZBgGSrpWWMn
    AlternateDataStreams: C:\ProgramData\Microsoft:2OPWWz6gTBf6k3gT9GsEKp02UENd
    AlternateDataStreams: C:\ProgramData\Microsoft:TWXdsqCtPZG9iBebiSspi
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\Users\Andreas\Local Settings:uUO0HEtw8Yi6JMfRvc7V
    AlternateDataStreams: C:\Users\Andreas\AppData\Local:uUO0HEtw8Yi6JMfRvc7V
    AlternateDataStreams: C:\Users\Andreas\AppData\Local\Application Data:uUO0HEtw8Yi6JMfRvc7V

    ==================== Faulty Device Manager Devices =============
    Name: SM Bus Controller
    Description: SM Bus Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    System errors:
    =============
    Microsoft Office Sessions:
    =========================
    ==================== Memory info ===========================
    Percentage of memory in use: 36%
    Total physical RAM: 16268.51 MB
    Available physical RAM: 10331.36 MB
    Total Pagefile: 32535.21 MB
    Available Pagefile: 26044.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:167.58 GB) (Free:34.75 GB) NTFS
    Drive d: (Magamemnon) (Fixed) (Total:1863.01 GB) (Free:1140.08 GB) NTFS
    Drive f: (INTENSO) (Fixed) (Total:596.17 GB) (Free:272.86 GB) NTFS
    Drive g: (Electric Vice) (CDROM) (Total:0.31 GB) (Free:0 GB) UDF
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4E2BD590)
    Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 75812EF6)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=168 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 2 (Size: 596 GB) (Disk ID: 2E6186C6)
    Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
     
  6. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    Here's the RogueKiller log:

    -----------------------------------------

    RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Andreas [Admin rights]
    Mode : Scan -- Date : 09/12/2013 20:04:01
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] DProtectSvc.exe -- C:\Users\Andreas\AppData\Local\DProtect\DProtectSvc.exe [7] -> KILLED [TermProc]
    [HIDDEN] DProtectSvc.exe -- C:\Users\Andreas\AppData\Local\DProtect\DProtectSvc.exe [7] -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 8 ¤¤¤
    [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : Mal.Hosts ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
    127.0.0.1 hxxp://virusscan.jotti.org/ --> Potentially malicious!
    127.0.0.1 virusscan.jotti.org/ --> Potentially malicious!
    127.0.0.1 www.virusscan.jotti.org/ --> Potentially malicious!
    127.0.0.1 hxxp://virscan.com
    127.0.0.1 hxxp://virusscan.jotti.org/
    127.0.0.1 virusscan.jotti.org/
    127.0.0.1 www.virusscan.jotti.org/
    127.0.0.1 scanner.novirusthanks.org/
    127.0.0.1 hxxp://scanner.novirusthanks.org/
    127.0.0.1 www.scanner.novirusthanks.org/

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST2000DM001-1CH164 ATA Device +++++
    --- User ---
    [MBR] 192c5de1be4b7c8d834f8bac49b3c9ff
    [BSP] 9ef20e3fe1d82828c669a9f90d9c65a5 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: ST2000DM001-1CH164 ATA Device +++++
    --- User ---
    [MBR] 29eef110312278052910115fc28690df
    [BSP] f7c05f3204fcafcf7ffbcd3ed6fc9d31 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 171603 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive2: ST2000DM001-1CH164 ATA Device +++++
    --- User ---
    [MBR] 347a115c9e3f28752a81f92ea84cd48c
    [BSP] b90bc91a76b9ab15dfe127e04c2b074b : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 610477 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[0]_S_09122013_200401.txt >>
     
  7. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    Hi guys.

    Update. When I try to add a file into a mail, "Internet Explorer stops working", and the web page is reloaded. Don't know if this has to do with the QVO6-malware, but I guess so.
     
  8. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Let's first try and remove the infection, then we can deal with any remaining performance issues.

    Run these scans in the order listed.

    Please download RKill
    There are three buttons to choose from with different names on them; select the first one and save it to your desktop.


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and select Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
    • If you do not see the black box flash on the screen, delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again. Continue to repeat this process using the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
    • If the tool does not run from any of the links provided, please let me know.
    DO NOT REBOOT until ADWCleaner has been run<-- very important

    Next, run a scan with ADWCleaner and then click on the Clean button, post the log produced after the reboot.


    NEXT: Download Shortcut Cleaner and save it to your desktop.
    Once the program has been downloaded, please double-click on the sc-cleaner.exe icon that will now be on your desktop.
    If Windows prompts you as to whether or not you wish to run Shortcut Cleaner, please allow it to run. Once the program starts, it will scan your computer for hijacked shortcuts and clean them.
    When it has finished it will display a log file that contains a list of all Windows shortcuts that were hijacked and disinfected.
    Copy & Paste the log into your next reply.
     
  9. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    Ok, here's Rkill's log:

    ----------------------------

    Rkill 2.6.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 09/13/2013 11:08:36 AM in x64 mode.
    Windows Version: Windows 7 Ultimate Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
    Backup Registry file created at:
    C:\Users\Andreas\Desktop\rkill\rkill-09-13-2013-11-08-37.reg
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * No issues found.
    Checking Windows Service Integrity:
    * No issues found.
    Searching for Missing Digital Signatures:
    * C:\Windows\System32\user32.dll : 1 008 640 : 05/26/2013 07:28 PM : 2c353b6ce0c8d03225caa2af33b68d79 [NoSig]
    +-> C:\Windows\SysWOW64\user32.dll : 833 024 : 05/26/2013 07:28 PM : 861c4346f9281dc0380de72c8d55d6be [Pos Repl]
    +-> C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll : 1 008 128 : 11/21/2010 05:24 AM : fe70103391a64039a921dbfff9c7ab1b [Pos Repl]
    +-> C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll : 833 024 : 11/21/2010 05:24 AM : 5e0db2d8b2750543cd2ebb9ea8e6cdd3 [Pos Repl]
    Checking HOSTS File:
    * HOSTS file entries found:
    127.0.0.1 http://virscan.com
    127.0.0.1 http://virusscan.jotti.org/
    127.0.0.1 virusscan.jotti.org/
    127.0.0.1 www.virusscan.jotti.org/
    127.0.0.1 scanner.novirusthanks.org/
    127.0.0.1 http://scanner.novirusthanks.org/
    127.0.0.1 www.scanner.novirusthanks.org/
    Program finished at: 09/13/2013 11:08:44 AM
    Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
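
The HOSTS entries in the Rkill log above map online virus-scanner sites to 127.0.0.1. As an added example (not part of the thread and not Rkill's own code), this sketch audits HOSTS lines for that pattern; the function names, the watchlist and the last four sample lines are assumptions made for illustration.

```python
import ipaddress

# Scanner sites named in the Rkill HOSTS output above; extend for your own triage.
WATCHLIST = {"virscan.com", "virusscan.jotti.org", "scanner.novirusthanks.org"}
BENIGN = {"localhost"}

# First seven entries are copied from the Rkill log; the last four are constructed.
SAMPLE_HOSTS = """\
127.0.0.1 http://virscan.com
127.0.0.1 http://virusscan.jotti.org/
127.0.0.1 virusscan.jotti.org/
127.0.0.1 www.virusscan.jotti.org/
127.0.0.1 scanner.novirusthanks.org/
127.0.0.1 http://scanner.novirusthanks.org/
127.0.0.1 www.scanner.novirusthanks.org/
127.0.0.1 localhost
# 10.0.0.5 commented.example.test
0.0.0.0 ads.example.test
192.168.1.10 nas.example.test
""".splitlines()


def bare_hostname(token):
    """Strip any scheme, path and trailing dot from a HOSTS name field."""
    name = token.strip().lower()
    if "://" in name:
        name = name.split("://", 1)[1]
    return name.split("/", 1)[0].rstrip(".")


def is_sinkhole(address):
    """True for loopback or unspecified addresses (127.0.0.1, ::1, 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(lines):
    """Return one finding per non-benign name mapped to a sinkhole address."""
    findings = []
    for raw in lines:
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for token in fields[1:]:
            host = bare_hostname(token)
            if not host or host in BENIGN:
                continue
            findings.append({
                "host": host,
                "entry": token,
                # Name field carries a scheme or path instead of a bare hostname.
                "malformed": token.lower() != host,
                "security_site": any(host == d or host.endswith("." + d) for d in WATCHLIST),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```
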
     
  10. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    And here's AdwCleaner after reboot:

    --------------------------------------------------

    # AdwCleaner v3.003 - Report created 13/09/2013 at 11:09:46
    # Updated 07/09/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Andreas - AGAMEMNON
    # Running from : C:\Users\Andreas\Desktop\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Shortcuts ] *****
    Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
    ***** [ Registry ] *****
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
    ***** [ Browsers ] *****
    -\\ Internet Explorer v10.0.9200.16635
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    -\\ Mozilla Firefox v
    [ File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]

    -\\ Google Chrome v29.0.1547.66
    [ File : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************
    AdwCleaner[R0].txt - [11954 octets] - [11/09/2013 15:57:57]
    AdwCleaner[R1].txt - [5099 octets] - [11/09/2013 23:44:09]
    AdwCleaner[R2].txt - [4245 octets] - [11/09/2013 23:59:05]
    AdwCleaner[R3].txt - [5285 octets] - [12/09/2013 00:07:04]
    AdwCleaner[R4].txt - [5405 octets] - [12/09/2013 00:17:58]
    AdwCleaner[R5].txt - [5525 octets] - [12/09/2013 00:20:51]
    AdwCleaner[R6].txt - [5645 octets] - [12/09/2013 11:08:29]
    AdwCleaner[R7].txt - [5658 octets] - [12/09/2013 13:58:53]
    AdwCleaner[R8].txt - [5778 octets] - [13/09/2013 11:09:32]
    AdwCleaner[S0].txt - [9562 octets] - [11/09/2013 15:59:09]
    AdwCleaner[S1].txt - [2867 octets] - [11/09/2013 23:45:59]
    AdwCleaner[S2].txt - [2595 octets] - [11/09/2013 23:59:22]
    AdwCleaner[S3].txt - [3047 octets] - [12/09/2013 00:07:27]
    AdwCleaner[S4].txt - [3318 octets] - [12/09/2013 00:19:05]
    AdwCleaner[S5].txt - [3287 octets] - [12/09/2013 00:21:17]
    AdwCleaner[S6].txt - [3407 octets] - [12/09/2013 11:08:42]
    AdwCleaner[S7].txt - [3418 octets] - [12/09/2013 13:59:13]
    AdwCleaner[S8].txt - [3398 octets] - [13/09/2013 11:09:46]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [3458 octets] ##########
     
  11. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    And the Shortcut Cleaner:

    -------------------------------------------------

    Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Shortcut Cleaner can be found at this link:
    http://www.bleepingcomputer.com/download/shortcut-cleaner/
    Windows Version: Windows 7 Ultimate Service Pack 1
    Program started at: 09/13/2013 11:13:37 AM.
    Scanning for registry hijacks:
    * No issues found in the Registry.
    Searching for Hijacked Shortcuts:
    Searching C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\
    * Shortcut Cleaned: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379063427
    * Shortcut Cleaned: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379063427
    Searching C:\ProgramData\Microsoft\Windows\Start Menu\
    * Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379063427
    Searching C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
    * Shortcut Cleaned: C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379063427
    * Shortcut Cleaned: C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379063427
    * Shortcut Cleaned: C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379063427
    * Shortcut Cleaned: C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379063427
    Searching C:\Users\Public\Desktop\
    * Shortcut Cleaned: C:\Users\Public\Desktop\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379063427
    Searching C:\Users\Andreas\Desktop

    8 bad shortcuts found.
    Program finished at: 09/13/2013 11:13:37 AM
    Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)
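
Each "Shortcut Cleaned" line in the log above shows a browser shortcut whose target had a URL appended as a command-line argument. As an added example (not part of the thread and not Shortcut Cleaner's own code), this sketch parses such log lines and groups the hijacked browser shortcuts by landing host; the function names, the browser list and the final sample line are assumptions.

```python
import ntpath
import re
from collections import defaultdict

BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe"}  # assumed list

LINE_RE = re.compile(
    r"^\s*\*\s*Shortcut Cleaned:\s*(?P<lnk>.+?\.lnk)\s*=>\s*"
    r"(?P<target>.+?\.exe)\s*(?P<args>.*)$",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://(?P<host>[^/\s?#]+)", re.IGNORECASE)

# Copied from the Shortcut Cleaner log above (the URL is truncated on the page),
# except the Tool.lnk line, which is constructed to show a non-matching case.
SAMPLE_LOG = r"""
Searching C:\Users\Andreas\Desktop
* Shortcut Cleaned: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379063427
* Shortcut Cleaned: C:\Users\Public\Desktop\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&u...001-1CH164_W1F2CEEFXXXXW1F2CEEF&ts=1379063427
* Shortcut Cleaned: C:\Users\Example\Desktop\Tool.lnk => C:\Tools\tool.exe --verbose
8 bad shortcuts found.
""".splitlines()


def parse_cleaned(line):
    """Split one 'Shortcut Cleaned' line into shortcut, target and arguments."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = URL_RE.search(m["args"])
    exe = ntpath.basename(m["target"]).lower()  # ntpath parses Windows paths on any OS
    return {
        "shortcut": m["lnk"],
        "target": m["target"],
        "arguments": m["args"].strip(),
        "landing_host": url["host"].lower() if url else None,
        # The pattern in the log: a real browser binary plus an appended URL.
        "hijacked_browser": exe in BROWSERS and url is not None,
    }


def summarize(lines):
    """Map each landing host to the browser shortcuts that were pointed at it."""
    by_host = defaultdict(list)
    for line in lines:
        rec = parse_cleaned(line)
        if rec and rec["hijacked_browser"]:
            by_host[rec["landing_host"]].append(rec["shortcut"])
    return dict(by_host)


if __name__ == "__main__":
    for host, shortcuts in summarize(SAMPLE_LOG).items():
        print(host, len(shortcuts), "shortcut(s)")
```
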
     
  12. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Let's see if that has got rid of the infection. Reboot the system, then please run ADWCleaner again, Scan and then Clean, and post the new log.
     
  13. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    Ok, here's AdwCleaner's log:

    ----------------------------------------------

    # AdwCleaner v3.003 - Report created 14/09/2013 at 16:12:51
    # Updated 07/09/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Andreas - AGAMEMNON
    # Running from : C:\Users\Andreas\Desktop\AdwCleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    ***** [ Shortcuts ] *****
    Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
    Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
    Shortcut Disinfected : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
    ***** [ Registry ] *****
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
    ***** [ Browsers ] *****
    -\\ Internet Explorer v10.0.9200.16635
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
    Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
    -\\ Mozilla Firefox v
    [ File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]

    -\\ Google Chrome v29.0.1547.66
    [ File : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]
    Deleted : homepage
    Deleted : urls_to_restore_on_startup
    *************************
    AdwCleaner[R0].txt - [11954 octets] - [11/09/2013 15:57:57]
    AdwCleaner[R1].txt - [5099 octets] - [11/09/2013 23:44:09]
    AdwCleaner[R2].txt - [4245 octets] - [11/09/2013 23:59:05]
    AdwCleaner[R3].txt - [5285 octets] - [12/09/2013 00:07:04]
    AdwCleaner[R4].txt - [5405 octets] - [12/09/2013 00:17:58]
    AdwCleaner[R5].txt - [5525 octets] - [12/09/2013 00:20:51]
    AdwCleaner[R6].txt - [5645 octets] - [12/09/2013 11:08:29]
    AdwCleaner[R7].txt - [5658 octets] - [12/09/2013 13:58:53]
    AdwCleaner[R8].txt - [5778 octets] - [13/09/2013 11:09:32]
    AdwCleaner[R9].txt - [6059 octets] - [14/09/2013 16:12:37]
    AdwCleaner[S0].txt - [9562 octets] - [11/09/2013 15:59:09]
    AdwCleaner[S1].txt - [2867 octets] - [11/09/2013 23:45:59]
    AdwCleaner[S2].txt - [2595 octets] - [11/09/2013 23:59:22]
    AdwCleaner[S3].txt - [3047 octets] - [12/09/2013 00:07:27]
    AdwCleaner[S4].txt - [3318 octets] - [12/09/2013 00:19:05]
    AdwCleaner[S5].txt - [3287 octets] - [12/09/2013 00:21:17]
    AdwCleaner[S6].txt - [3407 octets] - [12/09/2013 11:08:42]
    AdwCleaner[S7].txt - [3418 octets] - [12/09/2013 13:59:13]
    AdwCleaner[S8].txt - [3538 octets] - [13/09/2013 11:09:46]
    AdwCleaner[S9].txt - [3685 octets] - [14/09/2013 16:12:51]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [3745 octets] ##########
     
  14. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Ok, this one was sent to test us.

    We need to perform a couple of fixes.


    Open Notepad and Copy & Paste the contents of the code box below into it. To do this highlight the entire contents of the box, right click on the highlighted area and select Copy then right click in the Notepad window and select Paste. Save it to the same location that FRST is saved in as fixlist.txt <--- it is very important to spell this name exactly as written here.

    Code:
    Replace: C:\Windows\SysWOW64\user32.dll  C:\Windows\System32\user32.dll
    C:\Users\Andreas\AppData\Local\Temp\1_Offer_6.exe
    C:\Users\Andreas\AppData\Local\Temp\98631uninstall.exe
    C:\Users\Andreas\AppData\Local\Temp\H20.exe
    C:\Users\Andreas\AppData\Local\Temp\OptimizerPro.exe
    C:\Users\Andreas\AppData\Local\Temp\PlaySound.dll
    C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
    C:\Users\Andreas\AppData\Local\Temp\SevenZip-Installer.exe
    C:\Users\Andreas\AppData\Local\Temp\SHSetup.exe
    C:\Users\Andreas\AppData\Local\Temp\Sqlite3.dll
    
    
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


    • Launch FRST by double clicking on it.
    • When the FRST window opens click on the Fix button just once and wait.
    • The tool will make a log in the same location the program is run from (Fixlog.txt) please Copy & Paste it into your next reply.


    When that is done please follow this:



    • Quit all running programs.
    • Start RogueKiller.exe by double clicking on the icon.
    • Wait until Prescan has finished.
    • Ensure all boxes are ticked under "Report" tab.
    • Click on Scan.
    • Click on Hosts fix when complete.
    • Click on Report when the Deletion completes. Copy/paste the contents of the report into your next reply.


    ==============================================================

    These two fixes above needed to be done as part of the clean up and to replace a system file that was missing its digital signature. I doubt this will have any effect on the infection, but just to be sure before we move on to further scans please reboot the system when the above is all done and run ADWCleaner again and post the log.
     
  15. Addibro

    Addibro Thread Starter

    Joined:
    Sep 11, 2013
    Messages:
    41
    Ok, so if I saved the FRST program on the desktop, should I create the Notepad file on the desktop as well? I also have an old FRST log on my desktop, should I delete that file first?
     

Short URL to this thread: https://techguy.org/1108167