so... Anti Rootkit didn't find anything! should I still post the logs?

next, JRT.txt:

AdwCleaner log:

- it's all good to go with me..

ESET log:

C:\BIE\bie_7install64.exe a variant of Win32/HackKMS.A application
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Program Files (x86)\SlySoft\AnyDVD\ElbyCDIO.dll a variant of Win32/Packed.Enigma.AAF trojan
C:\Qoobox\Quarantine\C\ProgramData\Codecv\uninstall.exe.vir Win32/Adware.MultiPlug.A application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
E:\downloads\Programme\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask application
E:\Games - ISOs\Angry Birds Collection\Angry.Birds.Rio.v1.4.2.Cracked.READ.NFO-THETA\Patch\Patch.exe a variant of Win32/HackTool.Patcher.U application
E:\Games - ISOs\Angry Birds Collection\Angry.Birds.Seasons.v2.2.0.Cracked.READ.NFO-THETA\Patch\Patch.exe a variant of Win32/HackTool.Patcher.U application
E:\Games - ISOs\Retro.City.Rampage.v1.06.multi5.full-THETA\Retro City Rampage.exe Win32/HackTool.Crack.B application

well, apart from the very first hit (C:\BIE\bie_7install64.exe a variant of Win32/HackKMS.A application), I don't have any use for it.
BUT, there's some "Avira" files listed and I am not sure whether it would be a smart move to delete those. btw - Avira (my anti-virus tool) has been deactivated, yet this scan warned me about finding anti-virus software... so I am not sure if it is right to delete those files... I'll do whatever you tell me is right.

last, not least FRST.txt:
4.rar2013-08-27 12:26 - 2013-08-27 12:26 - 01252424 _____ C:\Users\m0rb\Downloads\DesuraInstaller.exe2013-08-26 19:35 - 2013-08-29 15:28 - 01025648 _____ C:\Windows\PE_Rom.dll2013-08-26 19:24 - 2013-08-26 19:25 - 00000000 ____D C:\Windows\System32\Tasks\ASUS2013-08-26 19:23 - 2008-01-04 13:34 - 00011832 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys2013-08-26 19:23 - 2008-01-04 13:34 - 00010216 ____N C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys2013-08-26 19:13 - 2013-08-26 19:13 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll2013-08-26 18:58 - 2013-08-26 18:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf2013-08-26 18:56 - 2010-08-03 13:21 - 00014464 _____ C:\Windows\SysWOW64\Drivers\AsUpIO.sys2013-08-26 18:55 - 2008-12-02 20:05 - 00184320 _____ (ASUSTeK) C:\Windows\SysWOW64\Drivers\UpdateHelper.dll2013-08-26 18:54 - 2013-08-26 19:26 - 00000090 _____ C:\setup.log2013-08-26 18:53 - 2013-08-26 19:24 - 00000000 ____D C:\Program Files (x86)\ASUS2013-08-26 18:53 - 2013-08-26 18:53 - 00000000 ____D C:\ProgramData\ASUS2013-08-26 18:53 - 2010-08-24 15:16 - 00013440 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys2013-08-26 18:53 - 2010-08-18 01:28 - 00026136 _____ (Intel Corporation) C:\Windows\system32\Drivers\ICCWDT.sys2013-08-26 18:53 - 2010-06-29 15:41 - 00028672 _____ (ASUSTek Computer Inc.) 
C:\Windows\SysWOW64\AsIO.dll2013-08-26 18:53 - 2009-07-14 14:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\wdfcoinstaller01009.dll2013-08-26 18:51 - 2013-08-26 18:52 - 292246834 _____ C:\Users\m0rb\Downloads\AISuite_II_P8P.zip2013-08-26 17:09 - 2013-08-26 17:10 - 122582464 _____ C:\Users\m0rb\Downloads\DSpdL_v1.0.2.123456_GERMAN-BiTE.rar2013-08-26 15:54 - 2013-08-26 15:56 - 495923496 _____ C:\Users\m0rb\Downloads\Gone.Home-WaLMaRT.rar2013-08-25 19:53 - 2013-09-08 23:05 - 00005782 _____ C:\Windows\setupact.log2013-08-25 19:53 - 2013-08-25 19:53 - 00000000 _____ C:\Windows\setuperr.log2013-08-25 17:50 - 2013-08-25 17:55 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part04.rar2013-08-25 17:50 - 2013-08-25 17:55 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part02.rar2013-08-25 17:50 - 2013-08-25 17:55 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part01.rar2013-08-25 17:50 - 2013-08-25 17:54 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part03.rar2013-08-24 01:58 - 2013-08-24 01:58 - 00000000 _____ C:\Users\m0rb\Desktop\DOWNLOADS !!!.txt2013-08-21 22:57 - 2013-08-21 22:57 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Wayforward Technologies2013-08-21 18:35 - 2013-08-21 18:35 - 53767044 _____ C:\Users\m0rb\Downloads\battlefield3_ost_mp3_1376097014.zip2013-08-21 16:01 - 2013-08-21 16:01 - 00000000 ____D C:\Windows\9530AE42DAE146199594B23487285D17.TMP2013-08-21 16:01 - 2013-08-21 16:01 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Arrowhead2013-08-21 12:23 - 2013-08-21 12:23 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\gd.sos.McPixel2013-08-17 22:12 - 2013-08-17 22:12 - 72314526 _____ C:\Users\m0rb\Downloads\Hwpo-(DatPiff.com).zip2013-08-15 02:35 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-08-15 02:35 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-08-15 02:35 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) 
C:\Windows\system32\ie4uinit.exe2013-08-15 02:35 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-08-15 02:35 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-08-15 02:35 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-08-15 02:35 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-08-15 02:35 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-08-15 02:35 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-08-15 02:35 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-08-15 02:35 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-08-15 02:35 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-08-15 02:35 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-08-15 02:35 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-08-15 02:35 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-08-15 02:35 - 
2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-08-15 02:35 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-08-15 02:35 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2013-08-15 02:35 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2013-08-15 02:35 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-08-15 02:35 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-08-15 02:35 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2013-08-15 02:35 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-08-15 02:35 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2013-08-15 02:35 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-08-15 02:32 - 2013-08-15 02:33 - 00000000 ____D C:\Windows\system32\MRT2013-08-14 16:21 - 2013-08-14 16:21 - 00000000 ____D C:\Users\m0rb\AppData\Local\Risen2013-08-14 07:57 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2013-08-14 07:57 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2013-08-14 07:57 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2013-08-14 07:57 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2013-08-14 07:57 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2013-08-14 07:57 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2013-08-14 07:57 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2013-08-14 
07:57 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll2013-08-14 07:57 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2013-08-14 07:57 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2013-08-14 07:57 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll2013-08-14 07:57 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll2013-08-14 07:57 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-08-14 07:57 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-08-14 07:57 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2013-08-14 07:57 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2013-08-14 07:57 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll2013-08-14 07:57 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-08-14 07:57 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll2013-08-14 07:57 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll2013-08-14 07:57 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll2013-08-14 07:57 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-08-14 07:57 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-08-14 07:57 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-08-14 07:57 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-08-14 07:57 - 2013-07-06 08:03 - 01910208 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\tcpip.sys2013-08-14 07:57 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2013-08-14 07:57 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2013-08-14 07:57 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2013-08-14 07:57 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2013-08-14 07:57 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2013-08-14 07:57 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2013-08-14 07:57 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2013-08-14 07:57 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2013-08-14 07:57 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-08-14 07:57 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-14 07:57 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-08-13 09:40 - 2013-08-13 09:40 - 17857246 _____ C:\Users\m0rb\Downloads\20130807.zip
2013-08-13 09:40 - 2013-08-13 09:40 - 02958696 _____ C:\Users\m0rb\Downloads\dpjuly13.zip

==================== One Month Modified Files and Folders =======

2013-09-09 00:46 - 2013-09-09 00:46 - 01948988 _____ (Farbar) C:\Users\m0rb\Downloads\FRST64.exe
2013-09-09 00:41 - 2013-09-09 00:41 - 00001502 _____ C:\Users\m0rb\Desktop\eset.txt
2013-09-09 00:16 - 2012-03-30 10:58 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-08 23:52 - 2013-09-08 23:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu.exe
2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu (2).exe
2013-09-08 23:50 - 2013-09-08 23:50 - 02347384 _____ (ESET) C:\Users\m0rb\Downloads\esetsmartinstaller_enu (1).exe
2013-09-08 23:47 - 2013-09-08 23:47 - 00002587 _____ C:\Users\m0rb\Desktop\AdwCleaner[R0].txt
2013-09-08 23:45 - 2013-09-08 23:45 - 00000000 ____D C:\AdwCleaner
2013-09-08 23:44 - 2013-09-08 23:43 - 01037278 _____ C:\Users\m0rb\Desktop\AdwCleaner.exe
2013-09-08 23:35 - 2013-09-08 23:35 - 00005533 _____ C:\Users\m0rb\Desktop\JRT.txt
2013-09-08 23:31 - 2013-09-08 23:31 -
00000000 ____D C:\Windows\ERUNT2013-09-08 23:31 - 2013-09-08 23:30 - 01029490 _____ (Thisisu) C:\Users\m0rb\Desktop\JRT.exe2013-09-08 23:28 - 2013-09-03 10:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-09-08 23:20 - 2009-07-14 06:45 - 00012064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-09-08 23:20 - 2009-07-14 06:45 - 00012064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-09-08 23:06 - 2013-09-08 23:06 - 96566691 _____ C:\Windows\SysWOW64\㌦2013-09-08 23:06 - 2011-10-30 16:47 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini2013-09-08 23:05 - 2013-08-25 19:53 - 00005782 _____ C:\Windows\setupact.log2013-09-08 23:05 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-07 16:02 - 2011-10-30 16:11 - 01318902 _____ C:\Windows\WindowsUpdate.log2013-09-06 23:37 - 2013-08-09 21:48 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Skype2013-09-06 15:06 - 2013-08-04 16:40 - 00000000 ____D C:\Program Files (x86)\SpeedFan2013-09-06 01:47 - 2013-09-06 01:47 - 00001255 _____ C:\Users\m0rb\Desktop\OUTLAST.lnk2013-09-06 01:47 - 2011-10-31 09:44 - 00000000 ____D C:\Users\m0rb\AppData\Local\CrashDumps2013-09-06 01:35 - 2011-11-02 16:34 - 00000000 ____D C:\Users\m0rb\Documents\My Games2013-09-06 00:32 - 2012-01-13 17:54 - 00000000 ____D C:\Program Files (x86)\Futuremark2013-09-06 00:32 - 2011-10-30 16:39 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information2013-09-05 15:34 - 2011-10-31 07:38 - 00100204 _____ C:\Windows\PFRO.log2013-09-05 13:04 - 2013-09-07 12:05 - 00028889 _____ C:\Users\m0rb\Desktop\ComboFix.txt2013-09-05 13:04 - 2013-09-05 13:04 - 00028889 _____ C:\ComboFix.txt2013-09-05 13:04 - 2013-09-05 12:54 - 00000000 ____D C:\Qoobox2013-09-05 13:03 - 2013-09-04 17:42 - 00000000 ____D C:\Windows\ERDNT2013-09-05 13:03 - 2009-07-14 04:34 - 00000215 _____ 
C:\Windows\system.ini2013-09-05 12:28 - 2013-09-05 12:28 - 05120804 ____R (Swearware) C:\Users\m0rb\Desktop\ComboFix.exe2013-09-04 22:12 - 2013-09-04 22:12 - 00002165 _____ C:\Users\m0rb\Desktop\aswMBR.txt2013-09-04 22:12 - 2013-09-04 22:12 - 00000512 _____ C:\Users\m0rb\Desktop\MBR.dat2013-09-04 20:08 - 2013-09-04 20:07 - 04745728 _____ (AVAST Software) C:\Users\m0rb\Desktop\aswmbr.exe2013-09-04 19:23 - 2013-09-03 01:08 - 00000000 ____D C:\Users\m0rb\Desktop\diagnose_malware2013-09-04 17:48 - 2013-09-04 17:48 - 00002031 _____ C:\Users\m0rb\Desktop\RKreport[0]_S_09042013_174835.txt2013-09-04 17:48 - 2013-09-04 17:42 - 00000000 ____D C:\Users\m0rb\Desktop\RK_Quarantine2013-09-04 17:47 - 2013-09-04 17:37 - 00002034 _____ C:\Users\m0rb\Desktop\Rkill.txt2013-09-04 17:45 - 2013-09-04 17:45 - 03787264 _____ C:\Users\m0rb\Desktop\RogueKillerX64.exe2013-09-04 17:40 - 2013-09-04 17:40 - 00000930 _____ C:\Users\m0rb\Desktop\NTREGOPT.lnk2013-09-04 17:40 - 2013-09-04 17:40 - 00000930 _____ C:\Users\fbwuser\Desktop\NTREGOPT.lnk2013-09-04 17:40 - 2013-09-04 17:40 - 00000911 _____ C:\Users\fbwuser\Desktop\ERUNT.lnk2013-09-04 17:40 - 2013-09-04 17:40 - 00000000 ____D C:\Program Files (x86)\ERUNT2013-09-04 17:37 - 2013-09-04 17:37 - 00000000 ____D C:\Users\m0rb\Desktop\rkill2013-09-04 17:31 - 2013-09-04 17:31 - 00791393 _____ (Lars Hederer ) C:\Users\m0rb\Desktop\erunt-setup.exe2013-09-04 17:30 - 2013-09-04 17:30 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\m0rb\Desktop\rkill.exe2013-09-04 15:25 - 2013-09-04 15:25 - 00001758 _____ C:\Users\m0rb\Desktop\Anweisungen zur Datenträgerwiederherstellung.txt2013-09-04 15:11 - 2013-03-29 15:22 - 00105344 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys2013-09-04 12:12 - 2013-09-04 12:12 - 30683519 _____ C:\Users\m0rb\Downloads\Paperspls.rar2013-09-04 10:48 - 2013-09-03 00:22 - 00000000 ____D C:\Program Files (x86)\DiskeeperLite2013-09-04 02:57 - 2009-07-14 12:49 - 00696848 _____ C:\Windows\system32\perfh007.dat2013-09-04 02:57 - 2009-07-14 12:49 - 00148144 _____ C:\Windows\system32\perfc007.dat2013-09-04 02:57 - 2009-07-14 07:13 - 01613412 _____ C:\Windows\system32\PerfStringBackup.INI2013-09-03 10:54 - 2013-09-03 10:53 - 12907592 _____ (Malwarebytes Corp.) C:\Users\m0rb\Downloads\mbar-1.07.0.1005.exe2013-09-03 01:32 - 2013-09-03 01:32 - 00000000 ___DC C:\Users\m0rb\AppData\Local\MigWiz2013-09-03 00:30 - 2013-07-12 13:06 - 00000000 ____D C:\Users\m0rb\Desktop\Files2013-09-03 00:22 - 2013-09-03 00:22 - 00000780 _____ C:\Users\Public\Desktop\Diskeeper Lite.lnk2013-09-03 00:22 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help2013-09-01 23:50 - 2013-09-01 23:50 - 00001076 _____ C:\Users\Public\Desktop\Virtual CloneDrive.lnk2013-09-01 23:50 - 2013-09-01 23:50 - 00000000 ____D C:\Program Files (x86)\VirtualCloneDrive2013-09-01 23:49 - 2013-09-01 23:49 - 01588760 _____ C:\Users\m0rb\Downloads\SetupVirtualCloneDrive5460.exe2013-09-01 20:23 - 2013-09-01 20:23 - 00001086 _____ C:\Users\m0rb\Desktop\prison architect - Verknüpfung.lnk2013-09-01 20:20 - 2011-10-30 16:19 - 00000000 ____D C:\Users\m0rb2013-09-01 19:49 - 2013-09-01 19:49 - 08531968 _____ C:\Users\m0rb\Downloads\SteamInstall_German.msi2013-09-01 18:27 - 2011-11-02 14:24 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite2013-09-01 18:16 - 2013-09-01 18:16 - 00001956 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk2013-09-01 18:13 - 2013-09-01 18:13 - 00283200 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys2013-09-01 18:13 - 2013-09-01 18:13 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite2013-09-01 16:20 - 2013-09-01 16:20 - 00003202 _____ 
C:\Windows\System32\Tasks\{2076B10B-0E9B-4690-BD51-DD15D71E5A7F}2013-09-01 15:23 - 2013-05-08 14:14 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2013-09-01 01:29 - 2013-09-01 01:29 - 00001710 _____ C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk2013-09-01 01:29 - 2013-09-01 01:29 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games2013-08-31 02:07 - 2013-08-01 09:56 - 00000000 ____D C:\dosgames2013-08-30 09:58 - 2011-10-30 22:39 - 01123039 _____ C:\Windows\DirectX.log2013-08-29 15:28 - 2013-08-26 19:35 - 01025648 _____ C:\Windows\PE_Rom.dll2013-08-29 15:26 - 2013-08-29 15:19 - 00960960 _____ C:\Windows\PE_File.dll2013-08-29 15:08 - 2013-08-29 14:50 - 00000000 _____ C:\Windows\Path.idx2013-08-29 14:22 - 2013-08-29 14:22 - 00330853 _____ C:\Users\m0rb\Downloads\RealTemp_370.zip2013-08-29 14:05 - 2013-08-29 14:04 - 99540854 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 1.rar2013-08-29 14:05 - 2013-08-29 14:04 - 85079171 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 2.rar2013-08-29 14:05 - 2013-08-29 14:04 - 67268727 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 3.rar2013-08-29 14:05 - 2013-08-29 14:04 - 106883696 _____ C:\Users\m0rb\Downloads\Funkmaster Flex - 60 Minutes Of Funk Vol. 4.rar2013-08-29 11:40 - 2013-05-07 14:40 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys2013-08-29 11:40 - 2013-03-29 15:22 - 00132088 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys2013-08-27 12:26 - 2013-08-27 12:26 - 01252424 _____ C:\Users\m0rb\Downloads\DesuraInstaller.exe2013-08-27 09:05 - 2011-10-30 16:45 - 00000000 ____D C:\Users\m0rb\Documents\Bluetooth Folder2013-08-26 19:26 - 2013-08-26 18:54 - 00000090 _____ C:\setup.log2013-08-26 19:25 - 2013-08-26 19:24 - 00000000 ____D C:\Windows\System32\Tasks\ASUS2013-08-26 19:24 - 2013-08-26 18:53 - 00000000 ____D C:\Program Files (x86)\ASUS2013-08-26 19:13 - 2013-08-26 19:13 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll2013-08-26 19:00 - 2011-10-30 17:09 - 00105528 _____ C:\Users\m0rb\AppData\Local\GDIPFONTCACHEV1.DAT2013-08-26 18:58 - 2013-08-26 18:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf2013-08-26 18:58 - 2011-10-30 16:39 - 00000000 ____D C:\Program Files (x86)\Intel2013-08-26 18:53 - 2013-08-26 18:53 - 00000000 ____D C:\ProgramData\ASUS2013-08-26 18:52 - 2013-08-26 18:51 - 292246834 _____ C:\Users\m0rb\Downloads\AISuite_II_P8P.zip2013-08-26 17:10 - 2013-08-26 17:09 - 122582464 _____ C:\Users\m0rb\Downloads\DSpdL_v1.0.2.123456_GERMAN-BiTE.rar2013-08-26 16:32 - 2013-09-01 20:22 - 00002168 _____ C:\Users\m0rb\Desktop\sir_alpha_v0.3.4518 - Verknüpfung.lnk2013-08-26 15:56 - 2013-08-26 15:54 - 495923496 _____ C:\Users\m0rb\Downloads\Gone.Home-WaLMaRT.rar2013-08-25 19:53 - 2013-08-25 19:53 - 00000000 _____ C:\Windows\setuperr.log2013-08-25 17:55 - 2013-08-25 17:50 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part04.rar2013-08-25 17:55 - 2013-08-25 17:50 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part02.rar2013-08-25 17:55 - 2013-08-25 17:50 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part01.rar2013-08-25 17:54 - 2013-08-25 17:50 - 100431872 _____ C:\Users\m0rb\Downloads\DSA-NLT.part03.rar2013-08-24 01:58 - 2013-08-24 01:58 - 00000000 _____ C:\Users\m0rb\Desktop\DOWNLOADS !!!.txt2013-08-23 16:42 - 2013-04-27 18:25 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\vlc2013-08-21 22:57 - 2013-08-21 
22:57 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Wayforward Technologies2013-08-21 18:35 - 2013-08-21 18:35 - 53767044 _____ C:\Users\m0rb\Downloads\battlefield3_ost_mp3_1376097014.zip2013-08-21 16:01 - 2013-08-21 16:01 - 00000000 ____D C:\Windows\9530AE42DAE146199594B23487285D17.TMP2013-08-21 16:01 - 2013-08-21 16:01 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Arrowhead2013-08-21 15:16 - 2012-03-30 10:58 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-08-21 15:16 - 2012-03-30 10:58 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2013-08-21 15:16 - 2011-10-30 16:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-08-21 12:23 - 2013-08-21 12:23 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\gd.sos.McPixel2013-08-20 10:46 - 2012-03-13 04:27 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\dvdcss2013-08-20 10:10 - 2012-02-18 08:24 - 00000125 ____S C:\ProgramData\.zreglib2013-08-17 22:12 - 2013-08-17 22:12 - 72314526 _____ C:\Users\m0rb\Downloads\Hwpo-(DatPiff.com).zip2013-08-17 11:22 - 2012-01-03 12:36 - 00000000 ____D C:\Users\m0rb\AppData\Local\Adobe2013-08-15 18:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache2013-08-15 16:02 - 2012-04-28 22:27 - 00000000 ____D C:\ProgramData\Origin2013-08-15 16:02 - 2012-04-28 22:23 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\Origin2013-08-15 15:45 - 2012-04-28 22:27 - 00000000 ____D C:\Users\m0rb\AppData\Local\Origin2013-08-15 02:33 - 2013-08-15 02:32 - 00000000 ____D C:\Windows\system32\MRT2013-08-15 02:32 - 2011-01-02 14:11 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-08-14 16:21 - 2013-08-14 16:21 - 00000000 ____D C:\Users\m0rb\AppData\Local\Risen2013-08-13 09:40 - 2013-08-13 09:40 - 17857246 _____ C:\Users\m0rb\Downloads\20130807.zip2013-08-13 09:40 - 2013-08-13 09:40 - 02958696 _____ C:\Users\m0rb\Downloads\dpjuly13.zip2013-08-13 01:07 - 2013-08-31 01:37 - 00046792 _____ 
(AnchorFree Inc.) C:\Windows\system32\Drivers\hssdrv6.sys
2013-08-10 05:01 - 2013-01-13 17:50 - 00000000 ____D C:\Users\m0rb\AppData\Roaming\.purple

Files to move or delete:
====================
C:\Users\m0rb\AppData\Local\Temp\Quarantine.exe
C:\Users\m0rb\AppData\Local\Temp\sfamcc00001.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-01 22:45

==================== End Of Log ============================

Addition.txt is, as was requested, attached to the following message.