TechSpot

Weird browser behaviour, rootkit suspected

By Noobie102
Aug 22, 2014
  1. Hey there guys,
    I'd like to ask you for help in figuring out some funny behaviour that my Lenovo has exhibited last week. It's got Windows 8.1 and UEFI on board. Early last week I experienced very slow internet (Google would not load). Tried shutting Firefox and restarting it, but it said that the process is already running in the background. So I tried to kill the process in Task Manager. On trying to do so, the computer gave me the message "Access Denied". This also happened when I tried to use IE and Chrome. This behaviour has me kinda freaked out and I am scared that I have a nasty rootkit which has gone undetected so far. I have tried scans with multiple softwares, but none of them detected anything suspicious. I finally did a System Recovery after choosing an old state, and have not experienced the above symptoms as of yet. I am still very scared that I am being played with.

    I tried getting help on another forum, but help has been very slow (over two days). I have conducted a Defogger disable scan, and then a scan using Farbar FRST and GMER. GMER detects an unknown MBR code, but doesn't explicitly mention any rootkit activity. I also scanned using TDSSKiller, it came up with the following:

    21:13:16.0989 0x01c0 Detected object count: 7
    21:13:16.0989 0x01c0 Actual detected object count: 7
    21:23:07.0544 0x01c0 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
    21:23:07.0544 0x01c0 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:23:07.0544 0x01c0 MultiKMS ( UnsignedFile.Multi.Generic ) - skipped by user
    21:23:07.0544 0x01c0 MultiKMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:23:07.0544 0x01c0 Service KMSELDI ( UnsignedFile.Multi.Generic ) - skipped by user
    21:23:07.0544 0x01c0 Service KMSELDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:23:07.0544 0x01c0 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
    21:23:07.0544 0x01c0 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:23:07.0544 0x01c0 IAStorIcon ( UnsignedFile.Multi.Generic ) - skipped by user
    21:23:07.0544 0x01c0 IAStorIcon ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:23:07.0544 0x01c0 SmartAudio ( UnsignedFile.Multi.Generic ) - skipped by user
    21:23:07.0544 0x01c0 SmartAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:23:07.0544 0x01c0 UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - skipped by user
    21:23:07.0544 0x01c0 UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:23:11.0748 0x149c Deinitialize success

    I have since removed KMSpico/KMSELDI and other stuff related to it from my computer.

    I'd really appreciate if somebody tells me if I have a rootkit and what I can do about it. Thanks! :)
  2. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Noobie102

    Noobie102 TS Rookie Topic Starter

    Hey Broni, sorry for the delayed reply. Here is a fresh scan of Malwarebytes. Unfortunately, I couldn't scan using DDS. I got the message "Not meant to run in compatibility mode. Will exit now". Any idea what to do?

    MBAM Scan:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 24.08.2014
    Scan Time: 13:35:39
    Logfile: mbam240814.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.24.02
    Rootkit Database: v2014.08.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: XXXXX

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 324641
    Time Elapsed: 13 min, 30 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    EDIT: As I mentioned earlier, I had run Defogger to disable drivers, but didn't run it again after that. Dunno if that can affect the running of DDS. :)
  4. Broni


    DDS won't run on Windows 8.1.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
  5. Noobie102


    Hey I ran RogueKiller but I am concerned about the files it has chosen to delete. Under processes, it has deleted RTFTrack.exe which was related to the Realtek driver software on the laptop. Plus it has chosen a bunch of things from the registry which I am not sure if I should delete. Here's the RKReport, maybe you could give me your opinion if these should be deleted. I'll do the needful, if you feel they are harmful or not required for the laptop to function properly.

    RogueKiller V9.2.8.0 [Jul 11 2014] durch Adlice Software
    mail : http://www.adlice.com/contact/
    Kommentare : http://forum.adlice.com
    Webseite : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Betriebssystem : Windows 8.1 (6.3.9200 ) 64 bits version
    Gestartet in : Normaler Modus
    Benutzer : XXXXX [Admin Rechte]
    Funktion : Scannen -- Datum : 08/25/2014 22:35:11

    ¤¤¤ Böswillige Prozesse : 1 ¤¤¤
    [Suspicious.Path] RTFTrack.exe -- C:\Windows\RTFTrack.exe[7] -> GELÖSCHT [TermProc]

    ¤¤¤ Registry-Einträge : 11 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RtsFT : RTFTrack.exe -> GEFUNDEN
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 134.130.4.1 134.130.5.1 -> GEFUNDEN
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 134.130.4.1 134.130.5.1 -> GEFUNDEN
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A85F3A85-EA29-432E-86D2-0A3410E895AB} | DhcpNameServer : 137.226.111.251 137.226.111.252 -> GEFUNDEN
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E063D2E0-BAA4-47CB-8618-7A711F40E278} | DhcpNameServer : 134.130.4.1 134.130.5.1 -> GEFUNDEN
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A85F3A85-EA29-432E-86D2-0A3410E895AB} | DhcpNameServer : 137.226.111.251 137.226.111.252 -> GEFUNDEN
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E063D2E0-BAA4-47CB-8618-7A711F40E278} | DhcpNameServer : 134.130.4.1 134.130.5.1 -> GEFUNDEN
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> GEFUNDEN
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> GEFUNDEN
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> GEFUNDEN
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> GEFUNDEN

    ¤¤¤ Geplante Tasks : 0 ¤¤¤

    ¤¤¤ Dateien : 0 ¤¤¤

    ¤¤¤ Hosts-Datei : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: NICHT GELADEN [0xc000036b]) ¤¤¤

    ¤¤¤ Web-Browsern : 0 ¤¤¤

    ¤¤¤ MBR überprüfen : ¤¤¤
    +++++ PhysicalDrive0: ST1000LM014-SSHD-8GB +++++
    --- User ---
    [MBR] ad6da9c1a0b34d34a087c421489d6da9
    [BSP] cceae252e1a248ecb5a3f6787da19bc8 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK
    ---------------------------------------------------------------------------------------------------------------

    MBAR Log file:
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.08.25.05

    Windows 8.1 x64 NTFS
    Internet Explorer 11.0.9600.17239
    XXXXX :: XXXXX-PC [administrator]

    25.08.2014 22:44:35
    mbar-log-2014-08-25 (22-44-35).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 323999
    Time elapsed: 15 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
    ---------------------------------------------------------------------------------------------------------------
    System Log File:
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17239

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.594000 GHz
    Memory total: 4187770880, free: 2475991040

    Downloaded database version: v2014.08.24.02
    Downloaded database version: v2014.08.21.01
    =======================================
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: A7EB26D3

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2736653979
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34 LastUsableLba 1953525134
    GPT Header Guid 20d55e6e-b984-4320-99f2-b0bad057d784
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2736653979
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
    Backup GPT header Guid 20d55e6e-b984-4320-99f2-b0bad057d784
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 8a0311b3-f4d6-4697-a51f-72f246741d0
    FirstLBA 2048 Last LBA 2050047
    Attributes 1
    Partition Name Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 3a74153c-95f8-45bb-bed4-719b2ec354c0
    FirstLBA 2050048 Last LBA 2582527
    Attributes 1
    Partition Name EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 3898826e-15d8-4978-b1c0-698148c78
    FirstLBA 2582528 Last LBA 4630527
    Attributes 1
    Partition Name Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID b75aa720-7a75-4246-b929-66b29fd22f6c
    FirstLBA 4630528 Last LBA 4892671
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 66ffdc7e-31e1-47ac-9d69-d57638f27e1
    FirstLBA 4892672 Last LBA 1874995199
    Attributes 0
    Partition Name Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 276dfe80-3a76-4918-a694-1a3aee819ab9
    FirstLBA 1874995200 Last LBA 1875711999
    Attributes 1
    Partition Name

    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f6fd1a1e-6030-47b8-8454-e84e2942fef7
    FirstLBA 1875712000 Last LBA 1928140799
    Attributes 0
    Partition Name Basic data partition

    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3f535bc9-16b6-463e-a6f1-9b0d3b53843
    FirstLBA 1928140800 Last LBA 1953523711
    Attributes 1
    Partition Name Basic data partition

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.3.9200 Windows 8.1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17239

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.594000 GHz
    Memory total: 4187770880, free: 2107432960

    Downloaded database version: v2014.08.25.05
    Canceled update
    Downloaded database version: v2014.08.25.05
    Downloaded database version: v2014.08.21.01
    =======================================
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: A7EB26D3

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2736653979
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34 LastUsableLba 1953525134
    GPT Header Guid 20d55e6e-b984-4320-99f2-b0bad057d784
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2736653979
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
    Backup GPT header Guid 20d55e6e-b984-4320-99f2-b0bad057d784
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 8a0311b3-f4d6-4697-a51f-72f246741d0
    FirstLBA 2048 Last LBA 2050047
    Attributes 1
    Partition Name Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 3a74153c-95f8-45bb-bed4-719b2ec354c0
    FirstLBA 2050048 Last LBA 2582527
    Attributes 1
    Partition Name EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 3898826e-15d8-4978-b1c0-698148c78
    FirstLBA 2582528 Last LBA 4630527
    Attributes 1
    Partition Name Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID b75aa720-7a75-4246-b929-66b29fd22f6c
    FirstLBA 4630528 Last LBA 4892671
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 66ffdc7e-31e1-47ac-9d69-d57638f27e1
    FirstLBA 4892672 Last LBA 1874995199
    Attributes 0
    Partition Name Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 276dfe80-3a76-4918-a694-1a3aee819ab9
    FirstLBA 1874995200 Last LBA 1875711999
    Attributes 1
    Partition Name

    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f6fd1a1e-6030-47b8-8454-e84e2942fef7
    FirstLBA 1875712000 Last LBA 1928140799
    Attributes 0
    Partition Name Basic data partition

    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 3f535bc9-16b6-463e-a6f1-9b0d3b53843
    FirstLBA 1928140800 Last LBA 1953523711
    Attributes 1
    Partition Name Basic data partition

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Done!
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 0

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 32 Numsec = 62535648
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 32018268160 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-32-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
  6. Broni


    You did fine.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  7. Noobie102


    Hey here are the scans:

    # AdwCleaner v3.308 - Bericht erstellt am 26/08/2014 um 13:37:45
    # Aktualisiert 20/08/2014 von Xplode
    # Betriebssystem : Windows 8.1 (64 bits)
    # Benutzername : XXXXX - XXXXX
    # Gestartet von : C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
    # Option : Löschen

    ***** [ Dienste ] *****


    ***** [ Dateien / Ordner ] *****


    ***** [ Tasks ] *****


    ***** [ Verknüpfungen ] *****


    ***** [ Registrierungsdatenbank ] *****


    ***** [ Browser ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Mozilla Firefox v30.0 (de)

    [ Datei : C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default\prefs.js ]


    -\\ Google Chrome v36.0.1985.143

    [ Datei : C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1101 octets] - [22/08/2014 19:31:32]
    AdwCleaner[R1].txt - [1094 octets] - [22/08/2014 19:43:11]
    AdwCleaner[R2].txt - [1154 octets] - [26/08/2014 13:32:17]
    AdwCleaner[S0].txt - [1163 octets] - [22/08/2014 19:40:16]
    AdwCleaner[S1].txt - [1076 octets] - [26/08/2014 13:37:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1136 octets] ##########
    ------------------------------------------------------------------------------------------------------------------------------------------
  8. Noobie102


    Here is the JRT Scan

    a~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 8.1 x64
    Ran by XXXXX on 26.08.2014 at 13:42:08,14
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\XXXXX\AppData\Roaming\mozilla\firefox\profiles\2izpmsgo.default\minidumps [14 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 26.08.2014 at 13:47:38,92
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. Noobie102


    FRST Part 1:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
    Ran by XXXXX (administrator) on XXXXX on 26-08-2014 13:48:52
    Running from C:\Users\XXXXX\Desktop
    Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
    (Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Realtek semiconductor) C:\Windows\RTFTrack.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
    (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
    (Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
    HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2014-01-15] (Lenovo (Beijing) Limited)
    HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-01-15] (Lenovo(beijing) Limited)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)
    HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
    HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\RunOnce: [Uninstall C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
    HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\MountPoints2: {10b1e5a9-9419-11e3-824f-40f02fd150c4} - "F:\setup.exe"
    AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
    AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
    AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
    AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)
    ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
    SearchScopes: HKLM - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
    SearchScopes: HKLM-x32 - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 134.130.4.1 134.130.5.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Adblock Plus - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-12]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

    Chrome:
    =======
    CHR HomePage:
    CHR Extension: (Google Docs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-11]
    CHR Extension: (Google Drive) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
    CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
    CHR Extension: (Google-Suche) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-11]
    CHR Extension: (Google Wallet) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
    CHR Extension: (Google Mail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
    R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-08-18] (LENOVO INCORPORATED.)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
    R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
    R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
    R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
    R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
    R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300328 2014-05-20] (Sophos Limited)
    R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
    S4 MultiKMS; "C:\Windows\MultiKMS\MultiKMS.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
    R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-17] (Disc Soft Ltd)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-25] (Malwarebytes Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
    R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
    S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
    S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
    R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2014-05-20] (Sophos Limited)
    U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-25] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
    S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
    S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
    S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
    S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
    S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
    S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
    S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
    S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-26 13:47 - 2014-08-26 13:47 - 00000764 _____ () C:\Users\XXXXX\Desktop\JRT.txt
    2014-08-26 13:40 - 2014-08-26 13:37 - 00001216 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[S1].txt
    2014-08-25 22:29 - 2014-08-25 22:29 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
    2014-08-25 22:29 - 2014-08-25 22:29 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-25 22:28 - 2014-08-25 22:28 - 04851288 _____ () C:\Users\XXXXX\Desktop\RogueKiller.exe
    2014-08-25 15:11 - 2014-08-25 15:19 - 00035256 _____ () C:\zoek-results.log
    2014-08-25 15:10 - 2014-08-25 15:10 - 00000000 ____D () C:\zoek_backup
    2014-08-25 15:08 - 2014-08-25 15:08 - 01288704 _____ () C:\Users\XXXXX\Desktop\zoek.exe
    2014-08-25 15:02 - 2014-08-25 15:02 - 00001057 _____ () C:\Users\XXXXX\Desktop\mbam250814.txt
    2014-08-25 14:33 - 2014-08-25 14:33 - 00000085 _____ () C:\WINDOWS\wininit.ini
    2014-08-25 14:33 - 2014-08-25 14:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
    2014-08-25 14:14 - 2014-08-25 14:14 - 00051354 _____ () C:\Users\XXXXX\Desktop\MbrScan.log
    2014-08-25 14:14 - 2014-08-25 14:14 - 00000512 _____ () C:\Users\XXXXX\Desktop\Dump_Hdd1_DR3.mbr
    2014-08-25 14:14 - 2014-08-25 14:14 - 00000512 _____ () C:\Users\XXXXX\Desktop\Dump_Hdd0_DR0.mbr
    2014-08-25 14:13 - 2014-08-25 14:08 - 00147456 _____ (Eric_71) C:\Users\XXXXX\Desktop\MbrScan.exe
    2014-08-24 16:37 - 2014-08-24 16:37 - 00036053 _____ () C:\Users\XXXXX\Desktop\Addition.txt
    2014-08-24 16:36 - 2014-08-26 13:49 - 00017073 _____ () C:\Users\XXXXX\Desktop\FRST.txt
    2014-08-24 16:25 - 2014-08-24 16:25 - 00000362 _____ () C:\Users\XXXXX\Desktop\defogger_enable.log
    2014-08-24 16:18 - 2014-08-24 16:10 - 00688992 _____ (Swearware) C:\dds.scr
    2014-08-24 16:01 - 2014-08-25 23:00 - 00000000 ____D () C:\Users\XXXXX\Desktop\mbar
    2014-08-24 16:01 - 2014-08-24 16:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\XXXXX\Desktop\mbar-1.07.0.1012.exe
    2014-08-24 14:28 - 2014-08-24 14:28 - 00000570 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.24_14.28.17.txt
    2014-08-24 13:56 - 2014-08-24 13:55 - 00688992 _____ (Swearware) C:\Users\XXXXX\Desktop\dds.com
    2014-08-24 13:50 - 2014-08-24 13:57 - 00001047 _____ () C:\Users\XXXXX\Desktop\mbam240814.txt
    2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-08-24 12:07 - 2014-08-24 12:07 - 00000229 _____ () C:\Users\XXXXX\mbr.log
    2014-08-23 22:58 - 2014-08-23 22:58 - 00000000 ____D () C:\Users\XXXXX\Desktop\FRST-OlderVersion
    2014-08-23 18:00 - 2014-08-23 17:50 - 02347384 _____ (ESET) C:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
    2014-08-23 17:46 - 2014-08-23 17:46 - 00001168 _____ () C:\Users\XXXXX\Desktop\mbam2.txt
    2014-08-22 19:48 - 2014-08-22 19:48 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-08-22 19:47 - 2014-08-22 19:34 - 01016261 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT_6.1.4.exe
    2014-08-22 19:44 - 2014-08-22 19:40 - 00001163 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[S0].txt
    2014-08-22 19:31 - 2014-08-26 13:37 - 00000000 ____D () C:\AdwCleaner
    2014-08-22 19:29 - 2014-08-22 19:29 - 01364531 _____ () C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
    2014-08-22 19:22 - 2014-08-23 11:33 - 00001141 _____ () C:\Users\XXXXX\Desktop\mbam.txt
    2014-08-22 19:05 - 2014-08-22 19:05 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-22 19:05 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-08-22 19:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-08-22 19:01 - 2014-08-22 19:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Desktop\mbam-setup-2.0.2.1012.exe
    2014-08-21 20:05 - 2004-01-16 20:57 - 302548481 ____R (InstallShield Software Corporation) C:\Users\XXXXX\Desktop\cs16full_v4+zbot.exe
    2014-08-21 17:18 - 2014-08-21 18:20 - 00000000 ____D () C:\Program Files\CCleaner
    2014-08-21 17:18 - 2014-08-21 17:18 - 00002790 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2014-08-21 17:18 - 2014-08-21 17:18 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-08-21 17:18 - 2014-08-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-08-19 21:01 - 2014-08-19 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Desktop\tdsskiller.exe
    2014-08-19 17:31 - 2014-08-19 17:31 - 00349048 _____ () C:\WINDOWS\Minidump\081914-14921-01.dmp
    2014-08-19 17:24 - 2014-08-19 17:24 - 00007887 _____ () C:\Users\XXXXX\Desktop\gmerlog190814.log
    2014-08-19 17:17 - 2014-08-23 23:02 - 00036803 _____ () C:\Users\XXXXX\Desktop\Addition 230814.txt
    2014-08-19 17:16 - 2014-08-26 13:48 - 00000000 ____D () C:\FRST
    2014-08-19 17:16 - 2014-08-23 23:02 - 00065330 _____ () C:\Users\XXXXX\Desktop\FRST 230814.txt
    2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
    2014-08-19 17:14 - 2014-08-23 22:58 - 02103296 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
    2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
    2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
    2014-08-19 16:09 - 2014-08-19 16:13 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
    2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
    2014-08-19 16:08 - 2014-08-19 16:06 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
    2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
    2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
    2014-08-18 19:40 - 2014-08-25 14:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-08-18 19:39 - 2014-08-25 14:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-08-18 19:37 - 2014-08-18 19:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
    2014-08-18 17:02 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
    2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
    2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
    2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
    2014-08-17 21:52 - 2014-08-23 19:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
    2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-08-17 21:46 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2014-08-17 21:46 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2014-08-17 21:46 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2014-08-17 21:46 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2014-08-17 21:46 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2014-08-17 21:46 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2014-08-17 21:45 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-08-17 21:45 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-08-17 21:45 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-08-17 21:45 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-08-17 21:45 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-08-17 21:45 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-08-17 21:45 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-08-17 21:45 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-08-17 21:45 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-08-17 21:45 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-08-17 21:45 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2014-08-17 21:45 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-08-17 21:45 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-08-17 21:45 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-08-17 21:45 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-08-17 21:45 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-08-17 21:45 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-08-17 21:45 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-08-17 21:45 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-08-17 21:45 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-17 21:45 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-08-17 21:45 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-08-17 21:45 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-08-17 21:45 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-08-17 21:45 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-08-17 21:45 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-08-17 21:45 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-08-17 21:45 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-08-17 21:45 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-08-17 21:45 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-08-17 21:45 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-08-17 21:45 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-08-17 21:45 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-08-17 21:45 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-08-17 21:45 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-08-17 21:44 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2014-08-17 21:35 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2014-08-17 21:35 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2014-08-17 21:35 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
    2014-08-17 21:35 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
    2014-08-17 21:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-08-17 21:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-08-17 21:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-08-17 21:35 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2014-08-17 21:35 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2014-08-17 21:35 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2014-08-17 21:35 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2014-08-17 21:35 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
    2014-08-17 21:35 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2014-08-17 21:35 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
    2014-08-17 21:35 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
    2014-08-17 21:35 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
    2014-08-17 21:35 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
    2014-08-17 21:35 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
    2014-08-17 21:35 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
    2014-08-17 21:35 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
    2014-08-17 21:35 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
    2014-08-17 21:35 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-08-17 21:35 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
    2014-08-17 21:35 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
    2014-08-17 21:35 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2014-08-17 21:35 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2014-08-17 21:35 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
    2014-08-17 21:35 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2014-08-17 21:35 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2014-08-17 21:35 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2014-08-17 21:35 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2014-08-17 21:35 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
    2014-08-17 21:35 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2014-08-17 21:35 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2014-08-17 21:35 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2014-08-17 21:35 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
    2014-08-17 21:35 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
    2014-08-17 21:35 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
    2014-08-17 21:35 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
    2014-08-17 21:35 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
    2014-08-17 21:35 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
    2014-08-17 21:35 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
    2014-08-17 21:35 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2014-08-17 21:35 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
    2014-08-17 21:35 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2014-08-17 21:35 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
    2014-08-17 21:35 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
    2014-08-17 21:35 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
    2014-08-17 21:35 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
    2014-08-17 21:35 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2014-08-17 21:35 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2014-08-17 21:35 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2014-08-17 21:35 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2014-08-17 21:35 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2014-08-17 21:35 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2014-08-17 21:35 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2014-08-17 21:35 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2014-08-17 21:35 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
    2014-08-17 21:35 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
    2014-08-17 21:35 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2014-08-17 21:35 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2014-08-17 21:35 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2014-08-17 21:35 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2014-08-17 21:35 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2014-08-17 21:35 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2014-08-17 21:35 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
    2014-08-17 21:35 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
    2014-08-17 21:35 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
    2014-08-17 21:35 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
    2014-08-17 21:34 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2014-08-17 21:34 - 2014-08-07 00:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-08-17 21:34 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2014-08-17 21:34 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
    2014-08-17 21:34 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2014-08-17 21:34 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
    2014-08-17 21:34 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2014-08-17 21:34 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
    2014-08-17 21:34 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2014-08-17 21:34 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-08-17 21:34 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-08-14 18:56 - 2014-08-25 23:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-14 18:56 - 2014-08-25 15:05 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-08-14 18:55 - 2014-08-25 22:44 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader
    2014-08-14 18:11 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss
    2014-08-12 17:55 - 2014-08-26 13:43 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-08-12 17:55 - 2014-08-26 13:40 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-12 17:55 - 2014-08-26 01:00 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment
    2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
    2014-08-11 13:58 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google
    2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
    2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
    2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner
    2014-08-11 00:19 - 2014-08-11 00:23 - 00000000 ____D () C:\Program Files (x86)\The Cleaner
    2014-08-10 23:08 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-09 16:21 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
    2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo
    2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6
    2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
    2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
    2014-07-29 11:34 - 2014-07-31 13:12 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
    2014-07-27 13:26 - 2014-07-27 18:29 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
    2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone
    2014-07-27 13:24 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\LightZone
  10. Noobie102

    Noobie102 TS Rookie Topic Starter

    FRST Part 2:
    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-26 13:49 - 2014-08-24 16:36 - 00017073 _____ () C:\Users\XXXXX\Desktop\FRST.txt
    2014-08-26 13:48 - 2014-08-19 17:16 - 00000000 ____D () C:\FRST
    2014-08-26 13:47 - 2014-08-26 13:47 - 00000764 _____ () C:\Users\XXXXX\Desktop\JRT.txt
    2014-08-26 13:46 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-08-26 13:46 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
    2014-08-26 13:46 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
    2014-08-26 13:45 - 2014-07-19 19:23 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
    2014-08-26 13:43 - 2014-08-12 17:55 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-08-26 13:41 - 2014-04-11 14:33 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job
    2014-08-26 13:40 - 2014-08-12 17:55 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-26 13:38 - 2014-02-12 20:59 - 01058169 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-08-26 13:38 - 2013-11-14 00:18 - 00059644 _____ () C:\WINDOWS\PFRO.log
    2014-08-26 13:38 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-08-26 13:37 - 2014-08-26 13:40 - 00001216 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[S1].txt
    2014-08-26 13:37 - 2014-08-22 19:31 - 00000000 ____D () C:\AdwCleaner
    2014-08-26 13:37 - 2014-02-12 16:28 - 17932906 _____ () C:\Users\Public\CAFADEBUG.log
    2014-08-26 01:00 - 2014-08-12 17:55 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-26 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-08-25 23:00 - 2014-08-24 16:01 - 00000000 ____D () C:\Users\XXXXX\Desktop\mbar
    2014-08-25 23:00 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-08-25 22:44 - 2014-08-14 18:55 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-08-25 22:29 - 2014-08-25 22:29 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
    2014-08-25 22:29 - 2014-08-25 22:29 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-25 22:28 - 2014-08-25 22:28 - 04851288 _____ () C:\Users\XXXXX\Desktop\RogueKiller.exe
    2014-08-25 15:35 - 2014-02-12 22:32 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3025749280-237415010-592600764-1002
    2014-08-25 15:19 - 2014-08-25 15:11 - 00035256 _____ () C:\zoek-results.log
    2014-08-25 15:10 - 2014-08-25 15:10 - 00000000 ____D () C:\zoek_backup
    2014-08-25 15:08 - 2014-08-25 15:08 - 01288704 _____ () C:\Users\XXXXX\Desktop\zoek.exe
    2014-08-25 15:05 - 2014-08-14 18:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-08-25 15:02 - 2014-08-25 15:02 - 00001057 _____ () C:\Users\XXXXX\Desktop\mbam250814.txt
    2014-08-25 14:34 - 2014-08-18 19:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-08-25 14:33 - 2014-08-25 14:33 - 00000085 _____ () C:\WINDOWS\wininit.ini
    2014-08-25 14:33 - 2014-08-25 14:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
    2014-08-25 14:33 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-08-25 14:14 - 2014-08-25 14:14 - 00051354 _____ () C:\Users\XXXXX\Desktop\MbrScan.log
    2014-08-25 14:14 - 2014-08-25 14:14 - 00000512 _____ () C:\Users\XXXXX\Desktop\Dump_Hdd1_DR3.mbr
    2014-08-25 14:14 - 2014-08-25 14:14 - 00000512 _____ () C:\Users\XXXXX\Desktop\Dump_Hdd0_DR0.mbr
    2014-08-25 14:08 - 2014-08-25 14:13 - 00147456 _____ (Eric_71) C:\Users\XXXXX\Desktop\MbrScan.exe
    2014-08-24 16:37 - 2014-08-24 16:37 - 00036053 _____ () C:\Users\XXXXX\Desktop\Addition.txt
    2014-08-24 16:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-08-24 16:25 - 2014-08-24 16:25 - 00000362 _____ () C:\Users\XXXXX\Desktop\defogger_enable.log
    2014-08-24 16:25 - 2014-02-12 21:04 - 00000000 ____D () C:\Users\XXXXX
    2014-08-24 16:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-08-24 16:10 - 2014-08-24 16:18 - 00688992 _____ (Swearware) C:\dds.scr
    2014-08-24 16:01 - 2014-08-24 16:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\XXXXX\Desktop\mbar-1.07.0.1012.exe
    2014-08-24 14:28 - 2014-08-24 14:28 - 00000570 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.24_14.28.17.txt
    2014-08-24 14:22 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
    2014-08-24 13:57 - 2014-08-24 13:50 - 00001047 _____ () C:\Users\XXXXX\Desktop\mbam240814.txt
    2014-08-24 13:55 - 2014-08-24 13:56 - 00688992 _____ (Swearware) C:\Users\XXXXX\Desktop\dds.com
    2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
    2014-08-24 12:42 - 2014-05-15 12:42 - 00007606 _____ () C:\Users\XXXXX\AppData\Local\Resmon.ResmonCfg
    2014-08-24 12:39 - 2014-01-15 01:03 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
    2014-08-24 12:39 - 2013-08-22 16:46 - 00346209 _____ () C:\WINDOWS\setupact.log
    2014-08-24 12:39 - 2013-08-22 16:46 - 00000618 _____ () C:\WINDOWS\setuperr.log
    2014-08-24 12:27 - 2014-02-12 19:31 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Skype
    2014-08-24 12:07 - 2014-08-24 12:07 - 00000229 _____ () C:\Users\XXXXX\mbr.log
    2014-08-23 23:02 - 2014-08-19 17:17 - 00036803 _____ () C:\Users\XXXXX\Desktop\Addition 230814.txt
    2014-08-23 23:02 - 2014-08-19 17:16 - 00065330 _____ () C:\Users\XXXXX\Desktop\FRST 230814.txt
    2014-08-23 22:58 - 2014-08-23 22:58 - 00000000 ____D () C:\Users\XXXXX\Desktop\FRST-OlderVersion
    2014-08-23 22:58 - 2014-08-19 17:14 - 02103296 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
    2014-08-23 20:25 - 2014-01-15 01:25 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
    2014-08-23 19:02 - 2014-08-17 21:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-08-23 17:50 - 2014-08-23 18:00 - 02347384 _____ (ESET) C:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
    2014-08-23 17:46 - 2014-08-23 17:46 - 00001168 _____ () C:\Users\XXXXX\Desktop\mbam2.txt
    2014-08-23 11:33 - 2014-08-22 19:22 - 00001141 _____ () C:\Users\XXXXX\Desktop\mbam.txt
    2014-08-22 19:48 - 2014-08-22 19:48 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-08-22 19:41 - 2013-08-22 16:44 - 05039384 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-08-22 19:40 - 2014-08-22 19:44 - 00001163 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[S0].txt
    2014-08-22 19:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-08-22 19:34 - 2014-08-22 19:47 - 01016261 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT_6.1.4.exe
    2014-08-22 19:29 - 2014-08-22 19:29 - 01364531 _____ () C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
    2014-08-22 19:05 - 2014-08-22 19:05 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-08-22 19:01 - 2014-08-22 19:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Desktop\mbam-setup-2.0.2.1012.exe
    2014-08-22 15:30 - 2014-04-08 12:57 - 00000000 ____D () C:\Users\XXXXX\Documents\MATLAB
    2014-08-21 20:25 - 2014-01-15 01:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-08-21 20:06 - 2013-08-22 13:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
    2014-08-21 20:06 - 2013-08-22 13:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
    2014-08-21 20:06 - 2013-08-22 13:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
    2014-08-21 20:06 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
    2014-08-21 20:06 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
    2014-08-21 20:06 - 2013-08-22 06:05 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
    2014-08-21 20:06 - 2013-08-22 06:03 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
    2014-08-21 20:06 - 2013-08-22 05:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
    2014-08-21 20:06 - 2013-08-22 05:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
    2014-08-21 20:06 - 2013-08-22 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
    2014-08-21 20:06 - 2013-08-22 05:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
    2014-08-21 20:06 - 2013-08-22 05:51 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
    2014-08-21 20:06 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
    2014-08-21 20:06 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
    2014-08-21 20:06 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-08-21 18:20 - 2014-08-21 17:18 - 00000000 ____D () C:\Program Files\CCleaner
    2014-08-21 18:13 - 2014-02-12 16:50 - 00000000 ____D () C:\ProgramData\Sophos
    2014-08-21 18:13 - 2014-02-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Sophos
    2014-08-21 18:11 - 2014-04-07 18:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-08-21 18:10 - 2014-06-11 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-08-21 18:10 - 2013-11-14 09:13 - 00000000 ____D () C:\WINDOWS\ShellNew
    2014-08-21 18:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
    2014-08-21 18:05 - 2013-08-22 15:25 - 00000076 _____ () C:\WINDOWS\win.ini
    2014-08-21 17:25 - 2014-02-17 00:01 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\DAEMON Tools Lite
    2014-08-21 17:18 - 2014-08-21 17:18 - 00002790 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2014-08-21 17:18 - 2014-08-21 17:18 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-08-21 17:18 - 2014-08-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-08-19 21:01 - 2014-08-19 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Desktop\tdsskiller.exe
    2014-08-19 17:31 - 2014-08-19 17:31 - 00349048 _____ () C:\WINDOWS\Minidump\081914-14921-01.dmp
    2014-08-19 17:31 - 2014-02-20 14:26 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-08-19 17:31 - 2014-02-20 14:25 - 557322577 _____ () C:\WINDOWS\MEMORY.DMP
    2014-08-19 17:24 - 2014-08-19 17:24 - 00007887 _____ () C:\Users\XXXXX\Desktop\gmerlog190814.log
    2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
    2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
    2014-08-19 16:13 - 2014-08-19 16:09 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
    2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
    2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
    2014-08-19 16:06 - 2014-08-19 16:08 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
    2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
    2014-08-19 02:23 - 2014-02-17 00:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-08-19 02:22 - 2014-02-17 00:29 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
    2014-08-18 19:38 - 2014-08-18 19:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
    2014-08-18 19:00 - 2014-01-15 01:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-08-18 18:48 - 2014-01-15 01:25 - 00000000 ____D () C:\ProgramData\Adobe
    2014-08-18 18:44 - 2014-05-18 11:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
    2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
    2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
    2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
    2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
    2014-08-18 10:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
    2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
    2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
    2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-08-15 17:04 - 2014-04-03 23:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\BA
    2014-08-15 16:03 - 2014-03-15 03:21 - 00000000 ____D () C:\ldiag
    2014-08-14 21:03 - 2014-05-14 13:39 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2014-08-14 20:59 - 2014-06-11 23:21 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-08-14 20:57 - 2014-06-28 11:45 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-08-14 20:57 - 2014-05-14 14:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-08-14 20:57 - 2014-05-14 14:01 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-08-14 20:57 - 2014-05-14 14:00 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-08-14 20:57 - 2014-05-14 13:39 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-08-14 20:57 - 2014-05-14 13:38 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-08-14 20:57 - 2014-05-14 13:38 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-08-14 20:57 - 2014-05-14 13:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-08-14 20:57 - 2014-05-14 13:38 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-08-14 20:57 - 2014-05-14 13:38 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-08-14 20:57 - 2014-05-14 13:38 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-08-14 20:57 - 2014-05-14 13:38 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-08-14 20:57 - 2014-05-14 13:38 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-08-14 20:57 - 2014-05-14 13:38 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2014-08-14 20:19 - 2014-02-12 16:56 - 00000000 _____ () C:\WINDOWS\system32\vireng.log
    2014-08-14 18:56 - 2014-08-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-08-14 18:45 - 2014-01-15 01:24 - 00000000 ____D () C:\Program Files (x86)\Lenovo
    2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader
    2014-08-14 18:20 - 2014-08-14 18:11 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss
    2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment
    2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
    2014-08-12 17:54 - 2014-08-11 13:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google
    2014-08-12 17:49 - 2014-08-09 16:21 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
    2014-08-12 17:49 - 2014-07-27 13:24 - 00000000 ____D () C:\Program Files (x86)\LightZone
    2014-08-12 17:49 - 2014-02-17 00:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
    2014-08-12 17:49 - 2014-02-14 23:14 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\vlc
    2014-08-12 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
    2014-08-12 17:42 - 2014-02-12 22:03 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Packages
    2014-08-12 11:46 - 2014-06-04 21:23 - 00000000 ____D () C:\Users\XXXXX\Desktop\From Nitesh
    2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
    2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
    2014-08-11 00:23 - 2014-08-11 00:19 - 00000000 ____D () C:\Program Files (x86)\The Cleaner
    2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner
    2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo
    2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6
    2014-08-08 14:33 - 2014-05-04 22:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\Praktikum
    2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
    2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
    2014-08-07 04:12 - 2014-08-17 21:34 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2014-08-07 00:39 - 2014-08-17 21:34 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-08-02 05:56 - 2014-08-17 21:34 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2014-08-02 05:11 - 2014-08-18 17:02 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-08-02 02:17 - 2014-05-15 14:04 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-08-02 02:17 - 2014-05-15 14:04 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-31 13:12 - 2014-07-29 11:34 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
    2014-07-27 18:29 - 2014-07-27 13:26 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
    2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone

    Some content of TEMP:
    ====================
    C:\Users\XXXXX\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-23 14:34

    ==================== End Of Log ============================
  11. Noobie102

    Noobie102 TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
    Ran by XXXXX at 2014-08-26 13:49:45
    Running from C:\Users\XXXXX\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Sophos Anti-Virus (Disabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
    AS: Sophos Anti-Virus (Disabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.0 - Conexant)
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
    Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
    Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
    Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
    Efficient Elements for presentations 1.5.0.431 (HKCU\...\ee4p_is1) (Version: 1.5.0.431 - Efficient Elements GmbH)
    Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
    Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
    Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
    Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.29.00 - Lenovo Group Limited)
    Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
    Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
    Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
    Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
    Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
    Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
    Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
    Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
    Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)
    Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
    Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
    Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    MATLAB R2013a (32-bit) (HKLM-x32\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
    MATLAB R2014a (32-bit) (HKLM-x32\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
    Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
    Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
    NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
    NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
    NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
    NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
    NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
    NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
    NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
    Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
    Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
    Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
    Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
    Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
    UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
    Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
    WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    21-08-2014 16:04:13 Removed Microsoft Office Professional Plus 2013
    21-08-2014 16:04:43 PROPLUSR
    25-08-2014 13:11:40 zoek.exe restore point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {10239A31-61B5-4237-8467-FE36EC996E04} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {2EDAD50C-E782-40EF-A5FD-49FB0B7D6724} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
    Task: {3405A720-3FCF-4466-B9D9-9D866952ED7C} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe [2013-01-16] ()
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {4BE91F91-5C77-4151-92E2-F4D576785DB3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-19] (Microsoft Corporation)
    Task: {55448157-F34C-4E2D-A93C-5EC76CD052D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6C5D2488-6AE3-4C39-A89E-C19DCD1891D5} - System32\Tasks\Lenovo\Experience Improvement Logon => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {7D13615A-D8D2-49CF-B094-E717E1E76039} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
    Task: {856CBA86-7346-4CF9-BDFF-AF610CDEDAC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {95825273-3D43-4EC1-B3D9-1E35B26A00FD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
    Task: {9C23D5C6-C469-4033-90ED-A585755D082B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {C3ACD707-68BB-4597-BCB7-42ACCC5FB312} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
    Task: {C694FABD-EAE9-45AB-AF13-50584A5F63C5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-15] (Lenovo)
    Task: {C902A460-3762-45EF-834B-64745252B39A} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-08-18] ()
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {DD4BDB85-FDD2-483F-910C-1704F0522E15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
    Task: {E24749DE-C6CB-497C-97C2-C5B3336EBD54} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: {F3FEA1A3-DB76-4659-9C62-FF67DD25AF0F} - System32\Tasks\MATLAB R2014a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
    Task: {F509777B-AA43-46E7-8619-B6D7389B4162} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
    Task: {F65FEAD4-514C-4435-A8AE-1A32452F353F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe
    Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-12-26 20:42 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
    2014-02-12 20:59 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2014-01-15 01:01 - 2012-11-06 07:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07330653.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07330653.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AtherosSvc => 2
    MSCONFIG\Services: bthserv => 3
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: WinRM => 3
    MSCONFIG\Services: WMPNetworkSvc => 3
    MSCONFIG\Services: ZAtheros Bt and Wlan Coex Agent => 2
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "YouCam Tray"
    HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
    HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
    HKCU\...\StartupApproved\Run: => "SUPERAntiSpyware"

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-08-24 12:07:42.578
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\XXXXX\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-24 12:07:42.484
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\XXXXX\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-24 12:06:13.476
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\XXXXX\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
    Percentage of memory in use: 39%
    Total physical RAM: 3993.77 MB
    Available physical RAM: 2429.43 MB
    Total Pagefile: 12185.77 MB
    Available Pagefile: 10826.73 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.83 MB

    ==================== Drives ================================

    Drive c: (Windows8_OS) (Fixed) (Total:891.73 GB) (Free:811.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:13.06 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: A7EB26D3)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  12. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

  13. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Still with me?
  14. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in the malware removal forum.