
"Access denied" in Task Manager, unknown MBR code in GMER but Malwarebytes scans clean



Hello everybody,


I have been stressing for the last few days about having a hidden rootkit/malware on my Lenovo G500s (Win 8.1). It all started when my internet seemed to run very slow on Firefox. Trying to restart Firefox didn't work, because it told me the process was running in the background. So I tried to kill it using Task Manager and was shown the message "Access Denied". This also happened when I tested IE and Chrome. I thereafter ran a System Restore and the internet was running fine. Having run a multitude of AV/malware scans, I am still not convinced that my laptop is safe.


Amongst the scans I ran, GMER and aswMBR showed the following message:


---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                       unknown MBR code

----------------------------------------------------------------------------------------------------------------------------------------------


Anyway, I have run a FRST scan and also scans using Malwarebytes Anti-Malware and Anti-Rootkit. Neither has detected a thing.

I'd still appreciate it a lot if you guys could put my fears to rest that there is nothing on my laptop to be worried about.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by XXXXX (administrator) on XXXXX on 24-08-2014 16:36:46
Running from C:\Users\XXXXX\Desktop
Platform: Windows 8.1 (X64) OS Language: XXXXX (XXXXX)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2014-01-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-01-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\RunOnce: [uninstall C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\MountPoints2: {10b1e5a9-9419-11e3-824f-40f02fd150c4} - "F:\setup.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.130.4.1 134.130.5.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-11]
CHR Extension: (Google Drive) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (Google-Suche) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Google Mail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-08-18] (LENOVO INCORPORATED.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300328 2014-05-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S4 MultiKMS; "C:\Windows\MultiKMS\MultiKMS.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-17] (Disc Soft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2014-05-20] (Sophos Limited)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 16:36 - 2014-08-24 16:37 - 00018467 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-08-24 16:25 - 2014-08-24 16:25 - 00000362 _____ () C:\Users\XXXXX\Desktop\defogger_enable.log
2014-08-24 16:18 - 2014-08-24 16:10 - 00688992 _____ (Swearware) C:\dds.scr
2014-08-24 16:01 - 2014-08-24 16:16 - 00000000 ____D () C:\Users\XXXXX\Desktop\mbar
2014-08-24 16:01 - 2014-08-24 16:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\XXXXX\Desktop\mbar-1.07.0.1012.exe
2014-08-24 14:28 - 2014-08-24 14:28 - 00000570 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.24_14.28.17.txt
2014-08-24 13:56 - 2014-08-24 13:55 - 00688992 _____ (Swearware) C:\Users\XXXXX\Desktop\dds.com
2014-08-24 13:50 - 2014-08-24 13:57 - 00001047 _____ () C:\Users\XXXXX\Desktop\mbam240814.txt
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-24 12:07 - 2014-08-24 12:07 - 00000229 _____ () C:\Users\XXXXX\mbr.log
2014-08-23 22:58 - 2014-08-23 22:58 - 00000000 ____D () C:\Users\XXXXX\Desktop\FRST-OlderVersion
2014-08-23 18:00 - 2014-08-23 17:50 - 02347384 _____ (ESET) C:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
2014-08-23 17:46 - 2014-08-23 17:46 - 00001168 _____ () C:\Users\XXXXX\Desktop\mbam2.txt
2014-08-22 19:53 - 2014-08-22 19:53 - 00000764 _____ () C:\Users\XXXXX\Desktop\JRT.txt
2014-08-22 19:48 - 2014-08-22 19:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-22 19:47 - 2014-08-22 19:34 - 01016261 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT_6.1.4.exe
2014-08-22 19:44 - 2014-08-22 19:40 - 00001163 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[s0].txt
2014-08-22 19:31 - 2014-08-22 19:43 - 00000000 ____D () C:\AdwCleaner
2014-08-22 19:29 - 2014-08-22 19:29 - 01364531 _____ () C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
2014-08-22 19:22 - 2014-08-23 11:33 - 00001141 _____ () C:\Users\XXXXX\Desktop\mbam.txt
2014-08-22 19:05 - 2014-08-22 19:05 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 19:05 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-22 19:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-22 19:01 - 2014-08-22 19:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 20:05 - 2004-01-16 20:57 - 302548481 ____R (InstallShield Software Corporation) C:\Users\XXXXX\Desktop\cs16full_v4+zbot.exe
2014-08-21 17:18 - 2014-08-21 18:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 17:18 - 2014-08-21 17:18 - 00002790 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-08-21 17:18 - 2014-08-21 17:18 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-21 17:18 - 2014-08-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-19 21:01 - 2014-08-19 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Desktop\tdsskiller.exe
2014-08-19 17:31 - 2014-08-19 17:31 - 00349048 _____ () C:\WINDOWS\Minidump\081914-14921-01.dmp
2014-08-19 17:24 - 2014-08-19 17:24 - 00007887 _____ () C:\Users\XXXXX\Desktop\gmerlog190814.log
2014-08-19 17:17 - 2014-08-23 23:02 - 00036803 _____ () C:\Users\XXXXX\Desktop\Addition 230814.txt
2014-08-19 17:16 - 2014-08-24 16:36 - 00000000 ____D () C:\FRST
2014-08-19 17:16 - 2014-08-23 23:02 - 00065330 _____ () C:\Users\XXXXX\Desktop\FRST 230814.txt
2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-08-19 17:14 - 2014-08-23 22:58 - 02103296 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
2014-08-19 16:09 - 2014-08-19 16:13 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
2014-08-19 16:08 - 2014-08-19 16:06 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
2014-08-18 19:40 - 2014-08-18 19:40 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-18 19:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-08-18 19:39 - 2014-08-18 19:42 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-18 19:37 - 2014-08-18 19:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
2014-08-18 17:02 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-23 19:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-17 21:46 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-17 21:46 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-17 21:46 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-17 21:46 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-17 21:46 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-17 21:46 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-17 21:45 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-17 21:45 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-17 21:45 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-17 21:45 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-17 21:45 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-17 21:45 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-17 21:45 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-17 21:45 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-17 21:45 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-17 21:45 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-17 21:45 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-17 21:45 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-17 21:45 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-17 21:45 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-17 21:45 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-17 21:45 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-17 21:45 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-17 21:45 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-17 21:45 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-17 21:45 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 21:45 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-17 21:45 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-17 21:45 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-17 21:45 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-17 21:45 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-17 21:45 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-17 21:45 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-17 21:45 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-17 21:45 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-17 21:45 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-17 21:45 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-17 21:45 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-17 21:45 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-17 21:45 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-17 21:45 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-17 21:44 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-17 21:35 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-17 21:35 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-17 21:35 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-17 21:35 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-17 21:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-17 21:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-17 21:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-17 21:35 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-17 21:35 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-17 21:35 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-17 21:35 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-17 21:35 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-17 21:35 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-17 21:35 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-17 21:35 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-17 21:35 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-17 21:35 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-17 21:35 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-17 21:35 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-17 21:35 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-17 21:35 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-17 21:35 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-17 21:35 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-17 21:35 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-17 21:35 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-17 21:35 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-17 21:35 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-17 21:35 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-17 21:35 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-17 21:35 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-17 21:35 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-17 21:35 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-17 21:35 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-17 21:35 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-17 21:35 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-17 21:35 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-17 21:35 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-17 21:35 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-17 21:35 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-17 21:35 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-17 21:35 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-17 21:35 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-17 21:35 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-17 21:35 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-17 21:35 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-17 21:35 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-17 21:35 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-17 21:35 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-17 21:35 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-17 21:35 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-17 21:35 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-17 21:35 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-17 21:35 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-17 21:35 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-17 21:35 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-17 21:35 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-17 21:35 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-17 21:35 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-17 21:35 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-17 21:35 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-17 21:34 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-17 21:34 - 2014-08-07 00:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-17 21:34 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-17 21:34 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-17 21:34 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-17 21:34 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-17 21:34 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-17 21:34 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-17 21:34 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-17 21:34 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-17 21:34 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-14 18:56 - 2014-08-24 16:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-14 18:56 - 2014-08-24 13:34 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 18:55 - 2014-08-24 16:05 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader
2014-08-14 18:11 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss
2014-08-12 17:55 - 2014-08-24 16:31 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 17:55 - 2014-08-24 16:28 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 17:55 - 2014-08-24 16:00 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-08-11 13:58 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner
2014-08-11 00:19 - 2014-08-11 00:23 - 00000000 ____D () C:\Program Files (x86)\The Cleaner
2014-08-10 23:08 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 16:21 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo
2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6
2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
2014-07-29 11:34 - 2014-07-31 13:12 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
2014-07-27 13:26 - 2014-07-27 18:29 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone
2014-07-27 13:24 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\LightZone

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 16:37 - 2014-08-24 16:36 - 00018467 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-08-24 16:36 - 2014-08-19 17:16 - 00000000 ____D () C:\FRST
2014-08-24 16:36 - 2014-02-12 22:32 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3025749280-237415010-592600764-1002
2014-08-24 16:34 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-24 16:34 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-24 16:34 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-24 16:32 - 2014-07-19 19:23 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
2014-08-24 16:31 - 2014-08-12 17:55 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-24 16:28 - 2014-08-12 17:55 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 16:27 - 2014-04-11 14:33 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job
2014-08-24 16:26 - 2014-02-12 20:59 - 01971085 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-24 16:26 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-24 16:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-24 16:25 - 2014-08-24 16:25 - 00000362 _____ () C:\Users\XXXXX\Desktop\defogger_enable.log
2014-08-24 16:25 - 2014-02-12 21:04 - 00000000 ____D () C:\Users\XXXXX
2014-08-24 16:25 - 2014-02-12 16:28 - 17789222 _____ () C:\Users\Public\CAFADEBUG.log
2014-08-24 16:16 - 2014-08-24 16:01 - 00000000 ____D () C:\Users\XXXXX\Desktop\mbar
2014-08-24 16:16 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-24 16:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-24 16:10 - 2014-08-24 16:18 - 00688992 _____ (Swearware) C:\dds.scr
2014-08-24 16:05 - 2014-08-14 18:55 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-24 16:01 - 2014-08-24 16:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\XXXXX\Desktop\mbar-1.07.0.1012.exe
2014-08-24 16:00 - 2014-08-12 17:55 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-24 14:28 - 2014-08-24 14:28 - 00000570 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.24_14.28.17.txt
2014-08-24 14:22 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-24 13:57 - 2014-08-24 13:50 - 00001047 _____ () C:\Users\XXXXX\Desktop\mbam240814.txt
2014-08-24 13:55 - 2014-08-24 13:56 - 00688992 _____ (Swearware) C:\Users\XXXXX\Desktop\dds.com
2014-08-24 13:34 - 2014-08-14 18:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-24 12:42 - 2014-05-15 12:42 - 00007606 _____ () C:\Users\XXXXX\AppData\Local\Resmon.ResmonCfg
2014-08-24 12:39 - 2014-01-15 01:03 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-08-24 12:39 - 2013-08-22 16:46 - 00346209 _____ () C:\WINDOWS\setupact.log
2014-08-24 12:39 - 2013-08-22 16:46 - 00000618 _____ () C:\WINDOWS\setuperr.log
2014-08-24 12:27 - 2014-02-12 19:31 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Skype
2014-08-24 12:07 - 2014-08-24 12:07 - 00000229 _____ () C:\Users\XXXXX\mbr.log
2014-08-24 11:18 - 2013-11-14 00:18 - 00055980 _____ () C:\WINDOWS\PFRO.log
2014-08-23 23:02 - 2014-08-19 17:17 - 00036803 _____ () C:\Users\XXXXX\Desktop\Addition 230814.txt
2014-08-23 23:02 - 2014-08-19 17:16 - 00065330 _____ () C:\Users\XXXXX\Desktop\FRST 230814.txt
2014-08-23 22:58 - 2014-08-23 22:58 - 00000000 ____D () C:\Users\XXXXX\Desktop\FRST-OlderVersion
2014-08-23 22:58 - 2014-08-19 17:14 - 02103296 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-08-23 20:25 - 2014-01-15 01:25 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-08-23 19:02 - 2014-08-17 21:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-23 17:50 - 2014-08-23 18:00 - 02347384 _____ (ESET) C:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
2014-08-23 17:46 - 2014-08-23 17:46 - 00001168 _____ () C:\Users\XXXXX\Desktop\mbam2.txt
2014-08-23 11:33 - 2014-08-22 19:22 - 00001141 _____ () C:\Users\XXXXX\Desktop\mbam.txt
2014-08-22 19:53 - 2014-08-22 19:53 - 00000764 _____ () C:\Users\XXXXX\Desktop\JRT.txt
2014-08-22 19:48 - 2014-08-22 19:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-22 19:43 - 2014-08-22 19:31 - 00000000 ____D () C:\AdwCleaner
2014-08-22 19:41 - 2013-08-22 16:44 - 05039384 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-22 19:40 - 2014-08-22 19:44 - 00001163 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[s0].txt
2014-08-22 19:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-22 19:34 - 2014-08-22 19:47 - 01016261 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT_6.1.4.exe
2014-08-22 19:29 - 2014-08-22 19:29 - 01364531 _____ () C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
2014-08-22 19:05 - 2014-08-22 19:05 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 19:01 - 2014-08-22 19:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-22 15:30 - 2014-04-08 12:57 - 00000000 ____D () C:\Users\XXXXX\Documents\MATLAB
2014-08-21 20:25 - 2014-01-15 01:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-21 20:06 - 2013-08-22 13:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-08-21 20:06 - 2013-08-22 13:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-08-21 20:06 - 2013-08-22 13:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-08-21 20:06 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-08-21 20:06 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-08-21 20:06 - 2013-08-22 06:05 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-08-21 20:06 - 2013-08-22 06:03 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-08-21 20:06 - 2013-08-22 05:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-08-21 20:06 - 2013-08-22 05:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-08-21 20:06 - 2013-08-22 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-08-21 20:06 - 2013-08-22 05:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-08-21 20:06 - 2013-08-22 05:51 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-08-21 20:06 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-08-21 20:06 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-08-21 20:06 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-21 18:20 - 2014-08-21 17:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 18:13 - 2014-02-12 16:50 - 00000000 ____D () C:\ProgramData\Sophos
2014-08-21 18:13 - 2014-02-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-08-21 18:11 - 2014-04-07 18:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 18:10 - 2014-06-11 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-21 18:10 - 2013-11-14 09:13 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-08-21 18:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-21 18:05 - 2013-08-22 15:25 - 00000076 _____ () C:\WINDOWS\win.ini
2014-08-21 17:25 - 2014-02-17 00:01 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\DAEMON Tools Lite
2014-08-21 17:18 - 2014-08-21 17:18 - 00002790 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-08-21 17:18 - 2014-08-21 17:18 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-21 17:18 - 2014-08-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-19 21:01 - 2014-08-19 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Desktop\tdsskiller.exe
2014-08-19 17:31 - 2014-08-19 17:31 - 00349048 _____ () C:\WINDOWS\Minidump\081914-14921-01.dmp
2014-08-19 17:31 - 2014-02-20 14:26 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-19 17:31 - 2014-02-20 14:25 - 557322577 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-19 17:24 - 2014-08-19 17:24 - 00007887 _____ () C:\Users\XXXXX\Desktop\gmerlog190814.log
2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-08-19 16:13 - 2014-08-19 16:09 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
2014-08-19 16:06 - 2014-08-19 16:08 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
2014-08-19 02:23 - 2014-02-17 00:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-19 02:22 - 2014-02-17 00:29 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
2014-08-18 19:42 - 2014-08-18 19:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-18 19:40 - 2014-08-18 19:40 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-18 19:40 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-18 19:38 - 2014-08-18 19:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
2014-08-18 19:00 - 2014-01-15 01:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-18 18:48 - 2014-01-15 01:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-18 18:44 - 2014-05-18 11:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
2014-08-18 10:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-15 17:04 - 2014-04-03 23:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\BA
2014-08-15 16:03 - 2014-03-15 03:21 - 00000000 ____D () C:\ldiag
2014-08-14 21:03 - 2014-05-14 13:39 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-14 20:59 - 2014-06-11 23:21 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-14 20:57 - 2014-06-28 11:45 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-14 20:57 - 2014-05-14 14:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-14 20:57 - 2014-05-14 14:01 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-14 20:57 - 2014-05-14 14:00 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-14 20:57 - 2014-05-14 13:39 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-14 20:19 - 2014-02-12 16:56 - 00000000 _____ () C:\WINDOWS\system32\vireng.log
2014-08-14 18:56 - 2014-08-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 18:45 - 2014-01-15 01:24 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader
2014-08-14 18:20 - 2014-08-14 18:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss
2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-08-12 17:54 - 2014-08-11 13:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google
2014-08-12 17:49 - 2014-08-09 16:21 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-08-12 17:49 - 2014-07-27 13:24 - 00000000 ____D () C:\Program Files (x86)\LightZone
2014-08-12 17:49 - 2014-02-17 00:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-08-12 17:49 - 2014-02-14 23:14 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\vlc
2014-08-12 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-08-12 17:42 - 2014-02-12 22:03 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Packages
2014-08-12 11:46 - 2014-06-04 21:23 - 00000000 ____D () C:\Users\XXXXX\Desktop\From Nitesh
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
2014-08-11 00:23 - 2014-08-11 00:19 - 00000000 ____D () C:\Program Files (x86)\The Cleaner
2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner
2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo
2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6
2014-08-08 14:33 - 2014-05-04 22:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\Praktikum
2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
2014-08-07 04:12 - 2014-08-17 21:34 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-07 00:39 - 2014-08-17 21:34 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-02 05:56 - 2014-08-17 21:34 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-02 05:11 - 2014-08-18 17:02 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-02 02:17 - 2014-05-15 14:04 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:17 - 2014-05-15 14:04 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-31 13:12 - 2014-07-29 11:34 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
2014-07-27 18:29 - 2014-07-27 13:26 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone
2014-07-25 16:52 - 2014-08-17 21:45 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-25 15:51 - 2014-08-17 21:45 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-25 15:28 - 2014-08-17 21:45 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-07-25 15:25 - 2014-08-17 21:45 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-25 15:25 - 2014-08-17 21:45 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-07-25 14:59 - 2014-08-17 21:45 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-07-25 14:40 - 2014-08-17 21:45 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-25 14:34 - 2014-08-17 21:45 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-07-25 14:30 - 2014-08-17 21:45 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-07-25 14:28 - 2014-08-17 21:45 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-25 14:28 - 2014-08-17 21:45 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-07-25 14:21 - 2014-08-17 21:45 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-25 14:17 - 2014-08-17 21:45 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-25 14:10 - 2014-08-17 21:45 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-25 14:08 - 2014-08-17 21:45 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-07-25 14:06 - 2014-08-17 21:45 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-25 13:52 - 2014-08-17 21:45 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-25 13:47 - 2014-08-17 21:45 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-25 13:43 - 2014-08-17 21:45 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-25 13:43 - 2014-08-17 21:45 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 13:42 - 2014-08-17 21:45 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-25 13:39 - 2014-08-17 21:45 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-25 13:34 - 2014-08-17 21:45 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-25 13:29 - 2014-08-17 21:45 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-25 13:23 - 2014-08-17 21:45 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-25 13:13 - 2014-08-17 21:45 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-25 13:09 - 2014-08-17 21:45 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-25 13:07 - 2014-08-17 21:45 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-25 13:03 - 2014-08-17 21:45 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-25 12:52 - 2014-08-17 21:45 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-25 12:26 - 2014-08-17 21:45 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-25 12:17 - 2014-08-17 21:45 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-25 12:09 - 2014-08-17 21:45 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-25 12:05 - 2014-08-17 21:45 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-25 12:00 - 2014-08-17 21:45 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-23 14:34

==================== End Of Log ============================


Here are the Additional log and MalwareBytes log files.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
Ran by XXXXX at 2014-08-24 16:37:20
Running from C:\Users\XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - XXXXX (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Efficient Elements for presentations 1.5.0.431 (HKCU\...\ee4p_is1) (Version: 1.5.0.431 - Efficient Elements GmbH)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.29.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MATLAB R2013a (32-bit) (HKLM-x32\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
MATLAB R2014a (32-bit) (HKLM-x32\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-08-2014 16:04:13 Removed Microsoft Office Professional Plus 2013
21-08-2014 16:04:43 PROPLUSR

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {10239A31-61B5-4237-8467-FE36EC996E04} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {19BAC521-A724-474E-9BA3-67515111574A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-19] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EDAD50C-E782-40EF-A5FD-49FB0B7D6724} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {3405A720-3FCF-4466-B9D9-9D866952ED7C} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {55448157-F34C-4E2D-A93C-5EC76CD052D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6C5D2488-6AE3-4C39-A89E-C19DCD1891D5} - System32\Tasks\Lenovo\Experience Improvement Logon => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7D13615A-D8D2-49CF-B094-E717E1E76039} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {856CBA86-7346-4CF9-BDFF-AF610CDEDAC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {95825273-3D43-4EC1-B3D9-1E35B26A00FD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9C23D5C6-C469-4033-90ED-A585755D082B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C3ACD707-68BB-4597-BCB7-42ACCC5FB312} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C694FABD-EAE9-45AB-AF13-50584A5F63C5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-15] (Lenovo)
Task: {C902A460-3762-45EF-834B-64745252B39A} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-08-18] ()
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD4BDB85-FDD2-483F-910C-1704F0522E15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {E24749DE-C6CB-497C-97C2-C5B3336EBD54} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F3FEA1A3-DB76-4659-9C62-FF67DD25AF0F} - System32\Tasks\MATLAB R2014a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {F509777B-AA43-46E7-8619-B6D7389B4162} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {F65FEAD4-514C-4435-A8AE-1A32452F353F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2013-12-26 20:42 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-12 20:59 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-18 19:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-08-18 19:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-18 19:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-08-18 19:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-08-18 19:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-15 01:01 - 2012-11-06 07:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07330653.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07330653.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: ZAtheros Bt and Wlan Coex Agent => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2014 04:26:04 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/24/2014 01:50:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 36.0.1985.143, Zeitstempel: 0x53e2e0f9
Name des fehlerhaften Moduls: delegate_execute.exe, Version: 36.0.1985.143, Zeitstempel: 0x53e2e0f9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004699f
ID des fehlerhaften Prozesses: 0x7a0
Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0
Pfad der fehlerhaften Anwendung: delegate_execute.exe1
Pfad des fehlerhaften Moduls: delegate_execute.exe2
Berichtskennung: delegate_execute.exe3
Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5

Error: (08/24/2014 00:45:59 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/24/2014 00:05:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (08/23/2014 10:53:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (08/23/2014 08:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1714

Startzeit: 01cfbefeca278d6f

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe

Berichts-ID: beb85c71-2af2-11e4-bee1-40f02fd150c4

Vollständiger Name des fehlerhaften Pakets: E046963F.LenovoCompanion_2.0.40.0_x86__k1h2ywk1493x8

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (08/23/2014 08:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1700

Startzeit: 01cfbefeca2065b9

Endzeit: 4294967295

Anwendungspfad: C:\WINDOWS\syswow64\backgroundTaskHost.exe

Berichts-ID: beb83561-2af2-11e4-bee1-40f02fd150c4

Vollständiger Name des fehlerhaften Pakets: E046963F.LenovoSupport_2.0.4.0_x86__k1h2ywk1493x8

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (08/23/2014 08:19:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (08/23/2014 08:19:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (08/23/2014 08:19:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (08/24/2014 00:07:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\XXXXX~1\AppData\Local\Temp\mbr.sys

Error: (08/24/2014 00:07:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\XXXXX~1\AppData\Local\Temp\mbr.sys

Error: (08/24/2014 00:06:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\XXXXX~1\AppData\Local\Temp\mbr.sys

Error: (08/24/2014 11:17:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Conexant Audio Message Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/24/2014 11:16:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Lenovo System Agent Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/24/2014 11:16:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sophos Anti-Virus Statusreporter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/24/2014 11:16:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/24/2014 11:16:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/24/2014 11:15:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NitroPDFDriverCreatorReadSpool8" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (08/23/2014 11:05:38 PM) (Source: SAVOnAccess) (EventID: 55) (User: )
Description: Der On-Access-Treiber konnte keine Maßnahme des Anwenders für die Datei \Device\HarddiskVolume5\Users\XXXXX\AppData\Local\Temp\RarSFX1\SecurityCheck\Other\nir durchführen.


Microsoft Office Sessions:
=========================
Error: (08/24/2014 04:26:04 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/24/2014 01:50:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe36.0.1985.14353e2e0f9delegate_execute.exe36.0.1985.14353e2e0f9c00000050004699f7a001cfbf9198799584C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\delegate_execute.exed773edfe-2b84-11e4-bee3-40f02fd150c4

Error: (08/24/2014 00:45:59 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (08/24/2014 00:05:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestG:\esetsmartinstaller_deu.exe

Error: (08/23/2014 10:53:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/23/2014 08:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384171401cfbefeca278d6f4294967295C:\WINDOWS\syswow64\backgroundTaskHost.exebeb85c71-2af2-11e4-bee1-40f02fd150c4E046963F.LenovoCompanion_2.0.40.0_x86__k1h2ywk1493x8App

Error: (08/23/2014 08:24:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.16384170001cfbefeca2065b94294967295C:\WINDOWS\syswow64\backgroundTaskHost.exebeb83561-2af2-11e4-bee1-40f02fd150c4E046963F.LenovoSupport_2.0.4.0_x86__k1h2ywk1493x8App

Error: (08/23/2014 08:19:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe

Error: (08/23/2014 08:19:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe

Error: (08/23/2014 08:19:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-08-24 12:07:42.578
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\XXXXX~1\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-24 12:07:42.484
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\XXXXX~1\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-24 12:06:13.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\XXXXX~1\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 41%
Total physical RAM: 3993.77 MB
Available physical RAM: 2338.39 MB
Total Pagefile: 12185.77 MB
Available Pagefile: 10692.51 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.73 GB) (Free:809.56 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:13.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A7EB26D3)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

 

MalwareBytes MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24.08.2014
Scan Time: 13:35:39
Logfile: mbam240814.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.24.02
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: XXXXX

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324641
Time Elapsed: 13 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

-------------------------------------------------------------------------------------------------------------------------------------------------

 

MalwareBytes Anti-Rootkit MBAR

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17239

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4187770880, free: 2475991040

Downloaded database version: v2014.08.24.02
Downloaded database version: v2014.08.21.01
=======================================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A7EB26D3

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2736653979
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 20d55e6e-b984-4320-99f2-b0bad057d784
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2736653979
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 20d55e6e-b984-4320-99f2-b0bad057d784
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 8a0311b3-f4d6-4697-a51f-72f246741d0
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 3a74153c-95f8-45bb-bed4-719b2ec354c0
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 3898826e-15d8-4978-b1c0-698148c78
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID b75aa720-7a75-4246-b929-66b29fd22f6c
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 66ffdc7e-31e1-47ac-9d69-d57638f27e1
    FirstLBA 4892672  Last LBA 1874995199
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 276dfe80-3a76-4918-a694-1a3aee819ab9
    FirstLBA 1874995200  Last LBA 1875711999
    Attributes 1
    Partition Name                                     

    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f6fd1a1e-6030-47b8-8454-e84e2942fef7
    FirstLBA 1875712000  Last LBA 1928140799
    Attributes 0
    Partition Name                 Basic data partition

    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3f535bc9-16b6-463e-a6f1-9b0d3b53843
    FirstLBA 1928140800  Last LBA 1953523711
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
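Added here as a worked example (it is not part of the original post and not code from MBAR, GMER or FRST): a small Python parser for the two on-disk structures the MBAR output above prints, the protective MBR in sector 0 and the primary GPT header in sector 1, running the checks a responder actually wants on a GPT/UEFI disk. It verifies the 0x55AA signature and the single 0xEE protective entry, parses the header fields, recomputes both CRC32s (header CRC over the header with its own CRC field zeroed, entry-array CRC over the partition entries), decodes the mixed-endian GUIDs, and returns the SHA-256 of the 440 boot-code bytes, which is what GMER's "unknown MBR code" message is about. The disk image is constructed inline from values in the log (disk GUID, LBAs, 128 entries of 128 bytes, three of the partitions); the boot code bytes and the CRC values are those of the constructed image, not MBAR's reported CRC. Two caveats the code makes visible: a UEFI machine that boots from the EFI system partition never executes the MBR boot code, and OEM images commonly carry non-Microsoft code there, so that hash is only meaningful against a known-good copy; and a CRC is an integrity check, not authentication, so anything that rewrites the table and recomputes the CRC passes it, which is why the tamper case shown only catches a clumsy edit.

```python
"""Parse a GPT disk's protective MBR and primary GPT header and run the
integrity checks that correspond to MBAR's output. Sample disk bytes are
constructed inline from the log's values (added example, not tool code)."""
import hashlib
import struct
import uuid
import zlib

SECTOR = 512
GPT_HDR = struct.Struct("<8sIIIIQQQQ16sQIII")   # 92-byte GPT header
GPT_ENTRY = struct.Struct("<16s16sQQQ72s")      # 128-byte partition entry
MBR_ENTRY = struct.Struct("<B3xB3xII")          # 16-byte MBR entry (CHS skipped)

# Well-known partition type GUIDs (UEFI spec / Microsoft), canonical string form.
TYPE_NAMES = {
    "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI system partition",
    "e3c9e316-0b5c-4db8-817d-f92df00215ae": "Microsoft reserved partition",
    "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "Basic data partition",
    "de94bba4-06d1-4d40-a16a-bfd50179d6ac": "Windows recovery environment",
}


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def parse_protective_mbr(sector0: bytes) -> dict:
    """Sector 0 of a GPT disk must carry 0x55AA and one 0xEE entry at LBA 1.
    The 440 leading bytes are the legacy boot code GMER compares."""
    sig = struct.unpack_from("<H", sector0, 510)[0]
    entries = [MBR_ENTRY.unpack_from(sector0, 446 + 16 * i) for i in range(4)]
    _status, ptype, start, _count = entries[0]
    return {
        "signature_ok": sig == 0xAA55,
        "protective": sig == 0xAA55 and ptype == 0xEE and start == 1
        and all(e[1] == 0 for e in entries[1:]),
        "boot_code_sha256": hashlib.sha256(sector0[:440]).hexdigest(),
    }


def parse_gpt(disk: bytes) -> dict:
    """Parse the primary header at LBA 1, then the entry array it points to,
    and verify both CRC32s the header carries."""
    sector1 = disk[SECTOR:2 * SECTOR]
    (sig, rev, hsize, hcrc, _rsv, cur, bak, first, last, dguid,
     entry_lba, n_entries, entry_size, ecrc) = GPT_HDR.unpack_from(sector1, 0)
    zeroed = bytearray(sector1[:hsize])
    zeroed[16:20] = b"\0" * 4                      # header CRC is computed with this field zeroed
    start = entry_lba * SECTOR
    entries_blob = disk[start:start + n_entries * entry_size]
    parts = []
    for i in range(n_entries):
        tguid, pguid, flba, llba, attrs, name = GPT_ENTRY.unpack_from(entries_blob, i * entry_size)
        if tguid == b"\0" * 16:                    # unused slot
            continue
        t = str(uuid.UUID(bytes_le=tguid))         # GUIDs are stored mixed-endian
        parts.append({"index": i, "type": TYPE_NAMES.get(t, t),
                      "id": str(uuid.UUID(bytes_le=pguid)), "first_lba": flba,
                      "last_lba": llba, "attributes": attrs,
                      "name": name.decode("utf-16-le").rstrip("\0")})
    return {"signature_ok": sig == b"EFI PART", "revision": rev, "header_size": hsize,
            "header_crc_ok": crc32(bytes(zeroed)) == hcrc,
            "entries_crc_ok": crc32(entries_blob) == ecrc,
            "current_lba": cur, "backup_lba": bak, "first_usable": first,
            "last_usable": last, "disk_guid": str(uuid.UUID(bytes_le=dguid)),
            "entry_lba": entry_lba, "entry_count": n_entries,
            "entry_size": entry_size, "partitions": parts}


def audit(disk: bytes) -> dict:
    """Combine both parsers and list anything that would warrant a closer look."""
    mbr = parse_protective_mbr(disk[:SECTOR])
    gpt = parse_gpt(disk)
    findings = []
    if not mbr["protective"]:
        findings.append("sector 0 is not a clean GPT protective MBR")
    if not gpt["signature_ok"]:
        findings.append("GPT header signature missing")
    if not gpt["header_crc_ok"]:
        findings.append("GPT header CRC mismatch")
    if not gpt["entries_crc_ok"]:
        findings.append("partition entry array CRC mismatch")
    return {"mbr": mbr, "gpt": gpt, "findings": findings}


def build_sample_disk() -> bytes:
    """Constructed sample (not a dump of the poster's disk): values taken from
    the MBAR log where it prints them, placeholder boot code otherwise."""
    mbr = bytearray(SECTOR)
    mbr[:440] = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433   # placeholder, not real OEM code
    mbr[446:462] = MBR_ENTRY.pack(0x00, 0xEE, 1, 0xFFFFFFFF)       # Numsec = 4294967295 as logged
    mbr[510:512] = b"\x55\xAA"
    entries = bytearray(128 * 128)                                  # 32 sectors, LBA 2..33

    def entry(i, type_guid, part_guid, first, last, attrs, name):
        GPT_ENTRY.pack_into(entries, i * 128, uuid.UUID(type_guid).bytes_le,
                            uuid.UUID(part_guid).bytes_le, first, last, attrs,
                            name.encode("utf-16-le"))

    entry(0, "c12a7328-f81f-11d2-ba4b-00a0c93ec93b", "3a74153c-95f8-45bb-bed4-719b2ec354c0",
          2050048, 2582527, 1, "EFI system partition")
    entry(1, "e3c9e316-0b5c-4db8-817d-f92df00215ae", "b75aa720-7a75-4246-b929-66b29fd22f6c",
          4630528, 4892671, 0, "Microsoft reserved partition")
    entry(2, "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7", "f6fd1a1e-6030-47b8-8454-e84e2942fef7",
          1875712000, 1928140799, 0, "Basic data partition")
    hdr = bytearray(SECTOR)
    fields = [b"EFI PART", 0x00010000, 92, 0, 0, 1, 1953525167, 34, 1953525134,
              uuid.UUID("20d55e6e-b984-4320-99f2-b0bad057d784").bytes_le,
              2, 128, 128, crc32(bytes(entries))]
    GPT_HDR.pack_into(hdr, 0, *fields)          # first pass with CRC field = 0
    fields[3] = crc32(bytes(hdr[:92]))
    GPT_HDR.pack_into(hdr, 0, *fields)          # second pass with the real header CRC
    return bytes(mbr + hdr + entries)


if __name__ == "__main__":
    result = audit(build_sample_disk())
    print("findings:", result["findings"] or "none")
    print("boot code sha256:", result["mbr"]["boot_code_sha256"])
    for p in result["gpt"]["partitions"]:
        print(p["index"], p["type"], p["first_lba"], p["last_lba"], repr(p["name"]))
```

On a real machine the same parser works on the first 34 sectors read from the physical disk (on Windows, `\\.\PhysicalDrive0` opened raw as administrator), and the boot-code hash is the value to compare against a known-good image of the same OEM model rather than to judge on its own.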
 

 

 

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

SpyBot S&D Warning

MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).

My advice is to get rid of this program. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for SpyBot, right-click the entry and click Uninstall.

This is optional, but please consider it.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the zoek.exe icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!


Hey, here is the MBAM log file and the one from Zoek:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25.08.2014
Scan Time: 14:38:37
Logfile: mbam250814.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.25.02
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: XXXXX

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324154
Time Elapsed: 22 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

---------------------------------------------------------------------------------------------------------------

 

Zoek.exe v5.0.0.0 Updated 24-08-2014
Tool run by XXXXX on 25.08.2014 at 15:10:31,91.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\XXXXX\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

25.08.2014 15:12:29 Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Adobe AIR  
Adobe Flash Player 12 Plugin  
Adobe Reader XI (11.0.06) - Deutsch  
Benutzerhandbuch  
CCleaner  
Conexant HD Audio  
DAEMON Tools Lite  
Dependency Package Update  
Dolby Advanced Audio v2  
Efficient Elements for presentations 1.5.0.431  
Energy Management  
Google Chrome  
Google Update Helper  
Intel AppUp(SM) center  
Intel® Management Engine Components  
Intel® Processor Graphics  
Intel® Rapid Storage Technology  
Intel® SDK for OpenCL - CPU Only Runtime Package  
Intel® Trusted Connect Service Client  
Lenovo Dependency Package  
Lenovo EasyCamera  
Lenovo Experience Improvement  
Lenovo OneKey Recovery  
Lenovo Photos  
Lenovo pointing device  
Lenovo PowerDVD10  
Lenovo Solution Center  
Lenovo YouCam  
Malwarebytes Anti-Malware Version 2.0.2.1012  
MATLAB R2013a (32-bit)  
MATLAB R2014a (32-bit)  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft_VC80_ATL_x86  
Microsoft_VC80_ATL_x86_x64  
Microsoft_VC80_CRT_x86  
Microsoft_VC80_CRT_x86_x64  
Microsoft_VC80_MFC_x86  
Microsoft_VC80_MFC_x86_x64  
Microsoft_VC80_MFCLOC_x86  
Microsoft_VC80_MFCLOC_x86_x64  
Microsoft_VC90_ATL_x86  
Microsoft_VC90_ATL_x86_x64  
Microsoft_VC90_CRT_x86  
Microsoft_VC90_CRT_x86_x64  
Microsoft_VC90_MFC_x86  
Microsoft_VC90_MFC_x86_x64  
Microsoft_VC90_MFCLOC_x86  
Mozilla Firefox 30.0 (x86 de)  
Nitro Pro 8  
Notepad++  
NVIDIA GeForce Experience 2.0.1  
NVIDIA Grafiktreiber 337.88  
NVIDIA Install Application  
NVIDIA LED Visualizer 1.0  
NVIDIA Network Service  
NVIDIA Optimus Update 12.4.67  
NVIDIA PhysX-Systemsoftware 9.13.1220  
NVIDIA PhysX  
NVIDIA ShadowPlay 12.4.67  
NVIDIA Systemsteuerung 337.88  
NVIDIA Update 12.4.67  
NVIDIA Update Core  
NVIDIA Virtual Audio 1.2.23  
Power2Go  
Qualcomm Atheros Client Installation Program  
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver  
Realtek USB Card Reader  
Shared C Run-time for x64  
SHIELD Streaming  
Skype™ 6.16  
Sophos Anti-Virus  
Sophos AutoUpdate  
SUPERAntiSpyware  
UserGuide  
VLC media player 2.1.3  
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1)  
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733)  
WinRAR 5.01 (64-bit)  

==== Running Processes ======================

C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\iMController\SystemAgentService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\XXXXX\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 3994 MB
CPU Info: Intel® Core i5-3230M CPU @ 2.60GHz
CPU Speed: 2607,0 MHz
Sound Card: Speakers (Conexant SmartAud |
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | NVIDIA GeForce GT 720M
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (PAN) | Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR8172/8176/8178 PCI-E Fast Ethernet Controller (NDIS 6.30) | Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
CD / DVD Drives: 2x (E: | F: | ) E: MATSHITADVD-RAM UJ8DB    | F: DTSOFT  BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 2 Button Mouse Present
Hard Disks: C:  891,7GB | D:  25,0GB
Hard Disks - Free: C:  812,0GB | D:  13,1GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE |  | LENOVO - 1
Time Zone: Central European Time
Motherboard *: LENOVO INVALID
Country: Germany
Language: DEU

==== System Specs (Software) ======================

Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: Sophos Anti-Virus On-access scanning disabled (Outdated)
Anti-Spyware: Sophos Anti-Virus disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome    36.0.1985.143
Internet Explorer Version: 11.0.9600.17239
Mozilla Firefox version: 30.0 (x86 de)
Google Chrome version: 36.0.1985.143
Adobe Reader version: 11.0.06.70
Flash Player version: 12.0.0.44

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
2014-08-25 12:33:33    0A34066D56D57C0DA73BFFC1E4169FF2    85    ----a-w-    C:\WINDOWS\wininit.ini
====== C:\Users\XXXXX~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2014-08-17 19:46:25    128EC9879D462F89829E663417FE5DBD    710144    ----a-w-    C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-17 19:46:23    2C01D8EA2B0FA834597FCD96AAAE4F52    406400    ----a-w-    C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-17 19:45:58    444EB30B1610A35FC99D62A91B2BCAA7    69632    ----a-w-    C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-17 19:45:57    E9B28B60C0272E2E1E462E6FB38E6B55    367104    ----a-w-    C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-17 19:45:57    6D017C0E499443ACDE3D9B5DCD753F32    1169920    ----a-w-    C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-17 19:45:57    24FA5F74D3B4BA62539DF87285BA934E    597504    ----a-w-    C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-17 19:45:56    1A05CFA45B6AEBFCCC835DCF68CBD1D0    526336    ----a-w-    C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-17 19:45:55    8453DDF167CE2986AA4AB04BC6824925    17524224    ----a-w-    C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-17 19:45:53    E70C00791A18866BB23B3A652E3390A0    2001920    ----a-w-    C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-17 19:45:52    FF4A917DD7C387BD2715A5F67307FED1    2184704    ----a-w-    C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-17 19:45:52    239575F9EA0D227516843EEE8B7342CA    239616    ----a-w-    C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-17 19:45:50    90FF511B751A0327D07C4073760F1578    11772928    ----a-w-    C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-17 19:45:48    7C1BFC2ABE297BCA1A7BA77A8292C088    4204032    ----a-w-    C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-17 19:45:48    18A3154606E3F8945956948A4E708007    704512    ----a-w-    C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-17 19:45:36    030041C8800A1781134B6EC3E3EF3F9C    291840    ----a-w-    C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-17 19:45:35    B945BAA81B4805AD6BDDF4D026DCFB47    1792512    ----a-w-    C:\WINDOWS\SysWOW64\wininet.dll
2014-08-17 19:45:33    FEE3E022B00A5165ED645E38C1E6C776    60416    ----a-w-    C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 19:45:32    272420427EB96EA052C719AA796C09F2    61952    ----a-w-    C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-17 19:45:31    9D16B568E318F49535AD72539C9997C2    455168    ----a-w-    C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-17 19:43:48    38045850ACB96313A1983A8803302906    35480    ----a-w-    C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-17 19:35:55    DB3ED0BA26D7C598481A23E7D06A370E    2344448    ----a-w-    C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-17 19:35:38    5BD2BD14753D3B0ADDE842CDF25A4C60    2144984    ----a-w-    C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-17 19:35:37    949E0E42DAAD0418513B44C31A697CA5    1797896    ----a-w-    C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-17 19:35:34    E28501E3A241DDC5DC65382E55661B1D    285696    ----a-w-    C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-17 19:35:34    1E14463F10B324B02EB2DA7415345D15    1473080    ----a-w-    C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-17 19:35:33    E65B5352AD0743F1F59BDA9466719EFE    265216    ----a-w-    C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-17 19:35:32    EA15CC7B75A2DE287E3B0C266A35490C    235008    ----a-w-    C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-17 19:35:32    E4783EB6A6B2D04F3B541B378E843617    229888    ----a-w-    C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-17 19:35:30    0CCDFED2DFCD4FBA73EE989249379458    52736    ----a-w-    C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-17 19:35:29    A750BB0258ECF6265A903905A0B14EB3    198656    ----a-w-    C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-17 19:35:28    BA6E52B0D82682EDE4B49D9CCC7D529B    207360    ----a-w-    C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-17 19:35:28    855D508F0053CEDC3BBAF2CB245A674A    1035264    ----a-w-    C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-17 19:35:28    4E07710A2C9EA43E7509BF7D0452430E    106496    ----a-w-    C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-17 19:35:27    BEA7A26C2C22381B6DD88758352B9D9B    62976    ----a-w-    C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-17 19:35:27    57E0A896C38C41C8B5B7F3127F8FD0D9    56320    ----a-w-    C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-17 19:35:26    191B7F25BE13D9F9E56B2B4EA595AC62    11776    ----a-w-    C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-17 19:35:04    FBE8AE41ED2A9FE4C2DE069C522CA9C0    12711424    ----a-w-    C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-17 19:35:02    854E970293BA92F9BB69FFD1CE051D9C    189016    ----a-w-    C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-17 19:35:02    684CF6A72A8DF7D66D262AC4A6E07845    270848    ----a-w-    C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-17 19:34:45    DBC4D46A7DDC14D1D1ED4B613F9E41A4    1064448    ----a-w-    C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-17 19:34:42    86DB4BA87BAF3D467D04821602E586A9    3304448    ----a-w-    C:\WINDOWS\SysWOW64\msi.dll
2014-08-17 19:34:42    16CDD058883E38FB43D582FB080F721A    2318336    ----a-w-    C:\WINDOWS\SysWOW64\authui.dll
2014-08-17 19:34:41    F8D0951A75826AD557CFAC323A936AA6    281088    ----a-w-    C:\WINDOWS\SysWOW64\msihnd.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2014-08-18 15:02:46    00AD15C6BA3C337CB68A476C0AD05338    918528    ----a-w-    C:\WINDOWS\Sysnative\MrmCoreR.dll
2014-08-17 19:46:25    1BB9CC78C91536CBA7B04B61ED0F85C4    1273184    ----a-w-    C:\WINDOWS\Sysnative\rpcrt4.dll
2014-08-17 19:46:23    59EAFAE3A34B4925990A2E679CA91C5B    517528    ----a-w-    C:\WINDOWS\Sysnative\dxgi.dll
2014-08-17 19:46:23    454978FB3D24DE5C4199162D5F81FBEE    2133504    ----a-w-    C:\WINDOWS\Sysnative\dwmcore.dll
2014-08-17 19:45:53    FE7D99399F7761AA2695A7B1AD30DAAF    1431040    ----a-w-    C:\WINDOWS\Sysnative\urlmon.dll
2014-08-17 19:45:52    F00D0AE7648CA45C6434E2885485BE0B    452096    ----a-w-    C:\WINDOWS\Sysnative\dxtmsft.dll
2014-08-17 19:45:52    1FD1F16C35946BA28FDEB40F18B7729D    631808    ----a-w-    C:\WINDOWS\Sysnative\msfeeds.dll
2014-08-17 19:45:49    DB382D89D8004F40BD2C55BAE6A15B30    2774528    ----a-w-    C:\WINDOWS\Sysnative\iertutil.dll
2014-08-17 19:45:49    39A85C005BCDEEF4092646EBBC2526AA    2087936    ----a-w-    C:\WINDOWS\Sysnative\inetcpl.cpl
2014-08-17 19:45:46    1DE8B71A1C7D8943034188556AF50B07    292864    ----a-w-    C:\WINDOWS\Sysnative\dxtrans.dll
2014-08-17 19:45:45    2639E152D246F2A651F09764807CA153    85504    ----a-w-    C:\WINDOWS\Sysnative\mshtmled.dll
2014-08-17 19:45:45    1B26610C1659EF54ED000233FB96F20C    13547008    ----a-w-    C:\WINDOWS\Sysnative\ieframe.dll
2014-08-17 19:45:44    920F690FC7424DE71888AA2E46E917EA    758272    ----a-w-    C:\WINDOWS\Sysnative\jscript9diag.dll
2014-08-17 19:45:44    472C409F9B0FF67C1015F511C73E1889    5824512    ----a-w-    C:\WINDOWS\Sysnative\jscript9.dll
2014-08-17 19:45:43    BAC44396088ECC1C9021ED3E3345337C    846336    ----a-w-    C:\WINDOWS\Sysnative\ieapfltr.dll
2014-08-17 19:45:41    ECA387DCD57F683C52171C766CF400F0    23645696    ----a-w-    C:\WINDOWS\Sysnative\mshtml.dll
2014-08-17 19:45:36    8E71A5CB5312B8392D4DA4CA37BB5868    2266624    ----a-w-    C:\WINDOWS\Sysnative\wininet.dll
2014-08-17 19:45:36    38D14F3D0A289050CA9BF8E98F37313F    333312    ----a-w-    C:\WINDOWS\Sysnative\iedkcs32.dll
2014-08-17 19:45:34    52D2151908C2A6388B6561A373488F6F    692736    ----a-w-    C:\WINDOWS\Sysnative\ie4uinit.exe
2014-08-17 19:45:33    19FA60D3AE1804A559306DE931A5B415    72704    ----a-w-    C:\WINDOWS\Sysnative\JavaScriptCollectionAgent.dll
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
2014-08-25 12:33:33    --------    d-----w-    C:\WINDOWS\Sysnative\Tasks\Safer-Networking
2014-08-12 15:55:05    B0D3EBD4336A66C5778870778801AD21    1144    ----a-w-    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 15:55:05    4710126FDDC628ACDC02BEAA9BFF358B    4116    ----a-w-    C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2014-08-12 15:55:03    A1F925C02EFEA0D7686AAC28315F04CA    1140    ----a-w-    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 15:55:03    521147C433D34ED0E2616447D3ED9857    3880    ----a-w-    C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2014-08-17 19:52:54    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2014-08-08 12:31:05    --------    d-----w-    C:\Program Files\Eraser
======= C:\PROGRA~2 =====
2014-08-12 15:55:00    --------    d-----w-    C:\PROGRA~2\Google
2014-08-10 22:19:38    --------    d-----w-    C:\PROGRA~2\The Cleaner
2014-08-09 14:21:21    --------    d-----w-    C:\PROGRA~2\Adobe Download Assistant
2014-07-27 11:24:47    --------    d-----w-    C:\PROGRA~2\LightZone
======= C: =====
2014-08-24 14:18:30    8B968045D75783A09592C3105F2865DA    688992    ----a-w-    C:\dds.scr
====== C:\Users\XXXXX\AppData\Roaming ======
2014-08-22 13:48:47    --------    d-----w-    C:\Users\XXXXX\AppData\Locallow\Temp
2014-08-18 17:42:29    --------    d-----w-    C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-08-17 19:53:09    --------    d-----w-    C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
2014-08-14 15:37:26    --------    d-----w-    C:\Users\XXXXX\AppData\Local\ElevatedDiagnostics
2014-08-12 15:54:38    --------    d-----w-    C:\Users\XXXXX\AppData\Local\Apps
2014-08-12 15:54:37    --------    d-----w-    C:\Users\XXXXX\AppData\Local\Deployment
2014-08-11 11:58:23    --------    d-----w-    C:\Users\XXXXX\AppData\Local\Google
2014-08-11 09:59:17    --------    d-sh--w-    C:\Users\XXXXX\AppData\Locallow\EmieUserList
2014-08-11 09:47:18    --------    d-sh--w-    C:\Users\XXXXX\AppData\Local\EmieUserList
2014-08-11 09:47:18    --------    d-sh--w-    C:\Users\XXXXX\AppData\Local\EmieSiteList
2014-08-11 09:43:25    --------    d-sh--w-    C:\Users\XXXXX\AppData\Locallow\EmieSiteList
2014-08-10 22:20:37    --------    d-----w-    C:\Users\XXXXX\AppData\Roaming\thecleaner
2014-08-09 14:21:22    --------    d-----w-    C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-08-08 21:25:21    --------    d-----w-    C:\Users\XXXXX\AppData\Local\Lenovo
2014-08-08 16:34:32    --------    d-----w-    C:\Users\XXXXX\AppData\Local\Eraser 6
2014-08-07 08:58:32    --------    d-----w-    C:\Users\XXXXX\AppData\Roaming\chc
2014-08-07 08:58:31    --------    d-----w-    C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
====== C:\Users\XXXXX ======
2014-08-25 12:13:27    35FF19A3ECC56C5E9ED29D49C0FFEDCA    147456    ----a-w-    C:\Users\XXXXX\Desktop\MbrScan.exe
2014-08-24 14:01:19    DFF72B75746001A9060AB2B80310012E    14349744    ----a-w-    C:\Users\XXXXX\Desktop\mbar-1.07.0.1012.exe
2014-08-24 11:56:18    8B968045D75783A09592C3105F2865DA    688992    ----a-w-    C:\Users\XXXXX\Desktop\dds.com
2014-08-23 16:00:56    19C1CF262DB2E49AEF8FB501CA52850B    2347384    ----a-w-    C:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
2014-08-22 17:47:36    CA630DBADEB5B6101531F986ADFE46C9    1016261    ----a-w-    C:\Users\XXXXX\Desktop\JRT_6.1.4.exe
2014-08-22 17:29:15    9DED4724D695CFB01960426DA011ABAE    1364531    ----a-w-    C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
2014-08-22 17:01:34    E90BF9E1562F40140161573B79CD5720    17292760    ----a-w-    C:\Users\XXXXX\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 18:05:36    5A8D9ECCB2C149DA417377FEDD2F1CED    302548481    ----a-r-    C:\Users\XXXXX\Desktop\cs16full_v4+zbot.exe
2014-08-19 19:01:27    D40E7B5FBB8E0EAA7C5C294389AF95AB    4181856    ----a-w-    C:\Users\XXXXX\Desktop\tdsskiller.exe
2014-08-19 15:14:29    A10A29D98EEC00520906C6C3F78090B2    2103296    ----a-w-    C:\Users\XXXXX\Desktop\FRST64.exe
2014-08-19 15:13:56    9146F21288AB749C4C729343F5F285A1    50477    ----a-w-    C:\Users\XXXXX\Desktop\Defogger.exe
2014-08-19 14:08:47    FEBDADF0C03512C701FD4A2CE8E03C0F    788728    ----a-w-    C:\Users\XXXXX\Desktop\mbrmastr.exe
2014-08-18 17:37:45    E0797E7358557BE996F1F367D1F1E0FC    46525608    ----a-w-    C:\Users\XXXXX\Downloads\abc123.exe
2014-08-18 14:01:58    9A8336796A7C71E9F33DE848B8320ED3    380416    ----a-w-    C:\Users\XXXXX\Desktop\7kdbwp1l.exe
2014-08-18 08:38:45    24B705B62DAC28956C9F119C4E399CBC    2478784    ----a-w-    C:\Users\XXXXX\Downloads\procexp.exe
2014-08-18 08:32:51    386101D5CA5BB5429AAEDC01A1FB93E3    592568    ----a-w-    C:\Users\XXXXX\Downloads\autoruns.exe
2014-08-17 19:52:56    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-17 19:52:54    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-08-17 19:52:10    9BF1EABFDB5F5B7BEF9EEAEDB24E572F    18814224    ----a-w-    C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
2014-08-14 16:11:04    --------    d-----w-    C:\ProgramData\HitmanPro
2014-08-12 15:55:44    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-11 13:25:38    --------    d-----w-    C:\WINDOWS\serviceprofiles\Localservice\winhttp
2014-07-27 11:25:41    --------    d-----w-    C:\Users\XXXXX\Application Data

====== C: exe-files ==
2014-08-19 19:00:59    C56CB929FDC62BA6AFA025C0DF95CA73    1836624    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.143\36.0.1985.143_36.0.1985.125_chrome_updater.exe
2014-08-18 18:27:00    7F5D2D4CA90D1F54F33922AA5315BD44    584960    ----a-w-    C:\Program Files\Lenovo\iMController\SystemAgentService.exe
2014-08-18 18:26:58    F3945D28D373D52C042102CB2D4C715E    21248    ----a-w-    C:\Program Files\Lenovo\iMController\LegacyFeatures.exe
2014-08-18 18:26:58    DE6DC39150BA952A44D2B671276252E4    35072    ----a-w-    C:\Program Files\Lenovo\iMController\LaunchProxy.exe
2014-08-18 18:26:58    9B8EBAF983DAF58D8240A05242F3493C    176896    ----a-w-    C:\Program Files\Lenovo\iMController\LenovoTaskScheduler.exe
2014-08-18 18:26:58    53B3F16C1107707450D09480E8749506    25856    ----a-w-    C:\Program Files\Lenovo\iMController\PluginCommunication.exe
2014-08-18 18:26:58    33FB904D37B626FE304950C72C53AB90    35584    ----a-w-    C:\Program Files\Lenovo\iMController\AutoUpdate.exe
2014-08-18 18:26:58    22D3C7A9AB5F567610AE9B3C370BCDAA    16128    ----a-w-    C:\Program Files\Lenovo\iMController\DependencyVersion.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3025749280-237415010-592600764-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_USERS\S-1-5-21-3025749280-237415010-592600764-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Tray"="C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe /s"
"UpdateP2GShortCut"="C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\Lenovo\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\5.0"
"RemoteControl10"="C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Sophos AutoUpdate Monitor"="C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\SysWOW64\\nvinit.dll,C:\\PROGRA~2\\Sophos\\SOPHOS~1\\SOPHOS~1.DLL"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtsFT"="RTFTrack.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe /t"
"Energy Management"="C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"EnergyUtility"="C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\nvinitx.dll,C:\\PROGRA~2\\Sophos\\SOPHOS~1\\SOPHOS~2.DLL"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AtherosSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\bthserv]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WinRM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WMPNetworkSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ZAtheros Bt and Wlan Coex Agent]


==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12.08.2014 17:54]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [12.08.2014 17:54]
C:\WINDOWS\tasks\MATLAB R2013a Startup Accelerator.job --a-------- C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe [16.01.2013 18:37]
C:\WINDOWS\tasks\MATLAB R2014a Startup Accelerator.job --a-------- C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [29.01.2014 12:42]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\Dolby Selector" [C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\MATLAB R2013a Startup Accelerator" [C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe]
"C:\WINDOWS\SysNative\tasks\MATLAB R2014a Startup Accelerator" [C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\Dependency Package Auto Update" [C:\Program Files\Lenovo\iMController\AutoUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\Experience Improvement Logon" [C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
"C:\WINDOWS\SysNative\tasks\Lenovo\Lenovo Solution Center Launcher" [%programfiles%\lenovo\lenovo solution center\App\LSCService.exe]
"C:\WINDOWS\SysNative\tasks\Lenovo\LSC\LSCHardwareScan" ["C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe" -diag HWScan]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

ProfilePath: C:\Users\XXXXX~1\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default
FD6ACD9D85177259D442A0C4AC15F7B8    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll -    Shockwave Flash


==== Chrome Look ======================

Google Docs - XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://lenovo13.msn.com/?pc=LCJB"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 25.08.2014 at 15:19:34,36 ======================
 


User is being helped by me at another forum.
https://forum.avast.com/index.php?topic=153870.msg1118849#msg1118849
 
Please don't start multiple threads. It confuses helpers and wastes our time, while there are multiple people working with your issue. It may also cause interference in our scans and so.
 
I'm asking this thread to be closed.

This topic is now closed to further replies.