Inactive-A Weird browser behaviour, rootkit suspected

Status
Not open for further replies.
N

Noobie102

Posts: 8   +0
Hey there guys,
I'd like to ask you for help in figuring out some funny behaviour that my Lenovo has exhibited last week. It's got Windows 8.1 and UEFI on board. Early last week I experienced very slow internet (Google would not load). Tried shutting Firefox and restarting it, but it said that the process is already running in the background. So I tried to kill the process in Task Manager. On trying to do so, the computer gave me the message "Access Denied". This is also happened when I tried to use IE and Chrome. This behaviour has me kinda freaked out and I am scared that I have a nasty rootkit which has gone undetected so far. I have tried scans with multiple softwares, but none of them detected anything suspicious. I finally did a System Recovery after choosing an old state, and have not experienced the above symtpoms as of yet. I am still very scared that I am being played with.

I tried getting help on another forum, but help has been very slow (over two days). I have conducted a Defogger disable scan, and then a scan using Farbar FRST and GMER. GMER detects an unknown MBR code, but doesn't explicitly mention any rootkit activity. I also scanned using TDSSKiller, it came up with the following:

21:13:16.0989 0x01c0 Detected object count: 7
21:13:16.0989 0x01c0 Actual detected object count: 7
21:23:07.0544 0x01c0 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 MultiKMS ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 MultiKMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 Service KMSELDI ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 Service KMSELDI ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 IAStorIcon ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 IAStorIcon ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 SmartAudio ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 SmartAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:07.0544 0x01c0 UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:07.0544 0x01c0 UpdateP2GShortCut ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:23:11.0748 0x149c Deinitialize success

I have since removed KMSpico/KMSELDI and other stuff related to it from my computer.

I'd really appreciate if somebody tells me if I have a rootkit and what I can do about it. Thanks! :)
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hey Broni, sorry for the delayed reply. Here is a fresh scan of Malwarebytes. Unfortunately, I couldn't scan using DDS. I got the message "Not meant to run in compatibility mode. Will exit now". Any idea what to do?

MBAM Scan:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24.08.2014
Scan Time: 13:35:39
Logfile: mbam240814.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.24.02
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: XXXXX

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324641
Time Elapsed: 13 min, 30 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

EDIT: As I mentioned earlier, I had run Defogger to disable drivers, but didn't run it again after that. Dunno if that can affect the running of DDS. :)
 
DDS won't run on Windows 8.1.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download http://www.imgdumper.nl/uploads6/51a5f31352f71/51a5f31352b88-icon_MBAR.png][/url][b][url=https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html][color=#0000FF]Malwarebytes Anti-Rootkit[/color][/url][/b] to your desktop.
[LIST]
[*][b][color=#FF0000]Warning![/color][/b] [I]Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.[/I]
[*]Double click on downloaded file. OK self extracting prompt.
[*]MBAR will start. Click "[b]Next[/b]" to continue.
[*]Click in the following screen "[b]Update[/b]" to obtain the latest malware definitions.
[*]Once the update is complete select "[b]Next[/b]" and click "[b]Scan[/b]".
[*]When the scan is finished and no malware has been found select "[b]Exit[/b]".
[*]If malware was detected, make sure to check all the items and click "[b]Cleanup[/b]". Reboot your computer.
[*]Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
[LIST]
[*][b]"mbar-log-[I]{date} (xx-xx-xx)[/I].txt"[/b]
[*][b]"system-log.txt"[/b]
[/LIST]
[/LIST]
 
Hey I ran RogueKiller but I am concerned about the files it has chosen to delete. Under processes, it has deleted RTFTrack.exe which was related to the Realtek driver software on the laptop. Plus it has chosen a bunch of things from the registry which I am not sure if I should delete. Here's the RKReport, maybe you could give me your opinion if these should be deleted. I'll do the needful, if you feel they are harmful or not required for the laptop to function properly.

RogueKiller V9.2.8.0 [Jul 11 2014] durch Adlice Software
mail : http://www.adlice.com/contact/
Kommentare : http://forum.adlice.com
Webseite : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 8.1 (6.3.9200 ) 64 bits version
Gestartet in : Normaler Modus
Benutzer : XXXXX [Admin Rechte]
Funktion : Scannen -- Datum : 08/25/2014 22:35:11

¤¤¤ Böswillige Prozesse : 1 ¤¤¤
[Suspicious.Path] RTFTrack.exe -- C:\Windows\RTFTrack.exe[7] -> GELÖSCHT [TermProc]

¤¤¤ Registry-Einträge : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | RtsFT : RTFTrack.exe -> GEFUNDEN
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 134.130.4.1 134.130.5.1 -> GEFUNDEN
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 134.130.4.1 134.130.5.1 -> GEFUNDEN
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A85F3A85-EA29-432E-86D2-0A3410E895AB} | DhcpNameServer : 137.226.111.251 137.226.111.252 -> GEFUNDEN
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E063D2E0-BAA4-47CB-8618-7A711F40E278} | DhcpNameServer : 134.130.4.1 134.130.5.1 -> GEFUNDEN
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A85F3A85-EA29-432E-86D2-0A3410E895AB} | DhcpNameServer : 137.226.111.251 137.226.111.252 -> GEFUNDEN
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E063D2E0-BAA4-47CB-8618-7A711F40E278} | DhcpNameServer : 134.130.4.1 134.130.5.1 -> GEFUNDEN
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> GEFUNDEN
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> GEFUNDEN
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> GEFUNDEN
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> GEFUNDEN

¤¤¤ Geplante Tasks : 0 ¤¤¤

¤¤¤ Dateien : 0 ¤¤¤

¤¤¤ Hosts-Datei : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NICHT GELADEN [0xc000036b]) ¤¤¤

¤¤¤ Web-Browsern : 0 ¤¤¤

¤¤¤ MBR überprüfen : ¤¤¤
+++++ PhysicalDrive0: ST1000LM014-SSHD-8GB +++++
--- User ---
[MBR] ad6da9c1a0b34d34a087c421489d6da9
[BSP] cceae252e1a248ecb5a3f6787da19bc8 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
---------------------------------------------------------------------------------------------------------------

MBAR Log file:
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.25.05

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17239
XXXXX :: XXXXX-PC [administrator]

25.08.2014 22:44:35
mbar-log-2014-08-25 (22-44-35).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 323999
Time elapsed: 15 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------------------------------------------------------------------------------
System Log File:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17239

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4187770880, free: 2475991040

Downloaded database version: v2014.08.24.02
Downloaded database version: v2014.08.21.01
=======================================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A7EB26D3

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2736653979
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 20d55e6e-b984-4320-99f2-b0bad057d784
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2736653979
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 20d55e6e-b984-4320-99f2-b0bad057d784
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 8a0311b3-f4d6-4697-a51f-72f246741d0
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 3a74153c-95f8-45bb-bed4-719b2ec354c0
FirstLBA 2050048 Last LBA 2582527
Attributes 1
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID 3898826e-15d8-4978-b1c0-698148c78
FirstLBA 2582528 Last LBA 4630527
Attributes 1
Partition Name Basic data partition

Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID b75aa720-7a75-4246-b929-66b29fd22f6c
FirstLBA 4630528 Last LBA 4892671
Attributes 0
Partition Name Microsoft reserved partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 66ffdc7e-31e1-47ac-9d69-d57638f27e1
FirstLBA 4892672 Last LBA 1874995199
Attributes 0
Partition Name Basic data partition

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 276dfe80-3a76-4918-a694-1a3aee819ab9
FirstLBA 1874995200 Last LBA 1875711999
Attributes 1
Partition Name

Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID f6fd1a1e-6030-47b8-8454-e84e2942fef7
FirstLBA 1875712000 Last LBA 1928140799
Attributes 0
Partition Name Basic data partition

Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 3f535bc9-16b6-463e-a6f1-9b0d3b53843
FirstLBA 1928140800 Last LBA 1953523711
Attributes 1
Partition Name Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17239

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4187770880, free: 2107432960

Downloaded database version: v2014.08.25.05
Canceled update
Downloaded database version: v2014.08.25.05
Downloaded database version: v2014.08.21.01
=======================================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: A7EB26D3

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2736653979
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 20d55e6e-b984-4320-99f2-b0bad057d784
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2736653979
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 20d55e6e-b984-4320-99f2-b0bad057d784
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 8a0311b3-f4d6-4697-a51f-72f246741d0
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 3a74153c-95f8-45bb-bed4-719b2ec354c0
FirstLBA 2050048 Last LBA 2582527
Attributes 1
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID 3898826e-15d8-4978-b1c0-698148c78
FirstLBA 2582528 Last LBA 4630527
Attributes 1
Partition Name Basic data partition

Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID b75aa720-7a75-4246-b929-66b29fd22f6c
FirstLBA 4630528 Last LBA 4892671
Attributes 0
Partition Name Microsoft reserved partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 66ffdc7e-31e1-47ac-9d69-d57638f27e1
FirstLBA 4892672 Last LBA 1874995199
Attributes 0
Partition Name Basic data partition

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 276dfe80-3a76-4918-a694-1a3aee819ab9
FirstLBA 1874995200 Last LBA 1875711999
Attributes 1
Partition Name

Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID f6fd1a1e-6030-47b8-8454-e84e2942fef7
FirstLBA 1875712000 Last LBA 1928140799
Attributes 0
Partition Name Basic data partition

Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 3f535bc9-16b6-463e-a6f1-9b0d3b53843
FirstLBA 1928140800 Last LBA 1953523711
Attributes 1
Partition Name Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 32 Numsec = 62535648
Partition file system is NTFS
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 32018268160 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-32-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
You did fine.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
Hey here are the scans:

# AdwCleaner v3.308 - Bericht erstellt am 26/08/2014 um 13:37:45
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : XXXXX - XXXXX
# Gestartet von : C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1101 octets] - [22/08/2014 19:31:32]
AdwCleaner[R1].txt - [1094 octets] - [22/08/2014 19:43:11]
AdwCleaner[R2].txt - [1154 octets] - [26/08/2014 13:32:17]
AdwCleaner[S0].txt - [1163 octets] - [22/08/2014 19:40:16]
AdwCleaner[S1].txt - [1076 octets] - [26/08/2014 13:37:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1136 octets] ##########
------------------------------------------------------------------------------------------------------------------------------------------
 
Here is the JRT Scan

a~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by XXXXX on 26.08.2014 at 13:42:08,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\XXXXX\AppData\Roaming\mozilla\firefox\profiles\2izpmsgo.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.08.2014 at 13:47:38,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST Part 1:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2014
Ran by XXXXX (administrator) on XXXXX on 26-08-2014 13:48:52
Running from C:\Users\XXXXX\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6339656 2013-04-10] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [900704 2013-03-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2014-01-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2014-01-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-05-20] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\RunOnce: [Uninstall C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-3025749280-237415010-592600764-1002\...\MountPoints2: {10b1e5a9-9419-11e3-824f-40f02fd150c4} - "F:\setup.exe"
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-05-20] (Sophos Limited)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-05-20] (Sophos Limited)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - {9FAFF8B6-6864-4B46-BAE1-4D712EE1D30C} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.130.4.1 134.130.5.1

FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\2izpmsgo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Docs) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-11]
CHR Extension: (Google Drive) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-11]
CHR Extension: (YouTube) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-11]
CHR Extension: (Google-Suche) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-11]
CHR Extension: (Google Wallet) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-11]
CHR Extension: (Google Mail) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-11-06] (Intel Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-08-18] (LENOVO INCORPORATED.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-20] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-05-20] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-05-20] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-05-20] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300328 2014-05-20] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-05-20] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S4 MultiKMS; "C:\Windows\MultiKMS\MultiKMS.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-17] (Disc Soft Ltd)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-25] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-04-10] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2014-05-20] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2014-05-20] (Sophos Limited)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-25] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 13:47 - 2014-08-26 13:47 - 00000764 _____ () C:\Users\XXXXX\Desktop\JRT.txt
2014-08-26 13:40 - 2014-08-26 13:37 - 00001216 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[S1].txt
2014-08-25 22:29 - 2014-08-25 22:29 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-08-25 22:29 - 2014-08-25 22:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-25 22:28 - 2014-08-25 22:28 - 04851288 _____ () C:\Users\XXXXX\Desktop\RogueKiller.exe
2014-08-25 15:11 - 2014-08-25 15:19 - 00035256 _____ () C:\zoek-results.log
2014-08-25 15:10 - 2014-08-25 15:10 - 00000000 ____D () C:\zoek_backup
2014-08-25 15:08 - 2014-08-25 15:08 - 01288704 _____ () C:\Users\XXXXX\Desktop\zoek.exe
2014-08-25 15:02 - 2014-08-25 15:02 - 00001057 _____ () C:\Users\XXXXX\Desktop\mbam250814.txt
2014-08-25 14:33 - 2014-08-25 14:33 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-08-25 14:33 - 2014-08-25 14:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-08-25 14:14 - 2014-08-25 14:14 - 00051354 _____ () C:\Users\XXXXX\Desktop\MbrScan.log
2014-08-25 14:14 - 2014-08-25 14:14 - 00000512 _____ () C:\Users\XXXXX\Desktop\Dump_Hdd1_DR3.mbr
2014-08-25 14:14 - 2014-08-25 14:14 - 00000512 _____ () C:\Users\XXXXX\Desktop\Dump_Hdd0_DR0.mbr
2014-08-25 14:13 - 2014-08-25 14:08 - 00147456 _____ (Eric_71) C:\Users\XXXXX\Desktop\MbrScan.exe
2014-08-24 16:37 - 2014-08-24 16:37 - 00036053 _____ () C:\Users\XXXXX\Desktop\Addition.txt
2014-08-24 16:36 - 2014-08-26 13:49 - 00017073 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-08-24 16:25 - 2014-08-24 16:25 - 00000362 _____ () C:\Users\XXXXX\Desktop\defogger_enable.log
2014-08-24 16:18 - 2014-08-24 16:10 - 00688992 _____ (Swearware) C:\dds.scr
2014-08-24 16:01 - 2014-08-25 23:00 - 00000000 ____D () C:\Users\XXXXX\Desktop\mbar
2014-08-24 16:01 - 2014-08-24 16:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\XXXXX\Desktop\mbar-1.07.0.1012.exe
2014-08-24 14:28 - 2014-08-24 14:28 - 00000570 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.24_14.28.17.txt
2014-08-24 13:56 - 2014-08-24 13:55 - 00688992 _____ (Swearware) C:\Users\XXXXX\Desktop\dds.com
2014-08-24 13:50 - 2014-08-24 13:57 - 00001047 _____ () C:\Users\XXXXX\Desktop\mbam240814.txt
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-24 12:07 - 2014-08-24 12:07 - 00000229 _____ () C:\Users\XXXXX\mbr.log
2014-08-23 22:58 - 2014-08-23 22:58 - 00000000 ____D () C:\Users\XXXXX\Desktop\FRST-OlderVersion
2014-08-23 18:00 - 2014-08-23 17:50 - 02347384 _____ (ESET) C:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
2014-08-23 17:46 - 2014-08-23 17:46 - 00001168 _____ () C:\Users\XXXXX\Desktop\mbam2.txt
2014-08-22 19:48 - 2014-08-22 19:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-22 19:47 - 2014-08-22 19:34 - 01016261 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT_6.1.4.exe
2014-08-22 19:44 - 2014-08-22 19:40 - 00001163 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[S0].txt
2014-08-22 19:31 - 2014-08-26 13:37 - 00000000 ____D () C:\AdwCleaner
2014-08-22 19:29 - 2014-08-22 19:29 - 01364531 _____ () C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
2014-08-22 19:22 - 2014-08-23 11:33 - 00001141 _____ () C:\Users\XXXXX\Desktop\mbam.txt
2014-08-22 19:05 - 2014-08-22 19:05 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 19:05 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-22 19:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-22 19:01 - 2014-08-22 19:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-21 20:05 - 2004-01-16 20:57 - 302548481 ____R (InstallShield Software Corporation) C:\Users\XXXXX\Desktop\cs16full_v4+zbot.exe
2014-08-21 17:18 - 2014-08-21 18:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 17:18 - 2014-08-21 17:18 - 00002790 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-08-21 17:18 - 2014-08-21 17:18 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-21 17:18 - 2014-08-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-19 21:01 - 2014-08-19 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Desktop\tdsskiller.exe
2014-08-19 17:31 - 2014-08-19 17:31 - 00349048 _____ () C:\WINDOWS\Minidump\081914-14921-01.dmp
2014-08-19 17:24 - 2014-08-19 17:24 - 00007887 _____ () C:\Users\XXXXX\Desktop\gmerlog190814.log
2014-08-19 17:17 - 2014-08-23 23:02 - 00036803 _____ () C:\Users\XXXXX\Desktop\Addition 230814.txt
2014-08-19 17:16 - 2014-08-26 13:48 - 00000000 ____D () C:\FRST
2014-08-19 17:16 - 2014-08-23 23:02 - 00065330 _____ () C:\Users\XXXXX\Desktop\FRST 230814.txt
2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-08-19 17:14 - 2014-08-23 22:58 - 02103296 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
2014-08-19 16:09 - 2014-08-19 16:13 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
2014-08-19 16:08 - 2014-08-19 16:06 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
2014-08-18 19:40 - 2014-08-25 14:33 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-18 19:39 - 2014-08-25 14:34 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-18 19:37 - 2014-08-18 19:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
2014-08-18 17:02 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-23 19:02 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-17 21:46 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2014-08-17 21:46 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2014-08-17 21:46 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-08-17 21:46 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-08-17 21:46 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-08-17 21:46 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-08-17 21:45 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-17 21:45 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-17 21:45 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-17 21:45 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-17 21:45 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-17 21:45 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-17 21:45 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-17 21:45 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-17 21:45 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-17 21:45 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-17 21:45 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-17 21:45 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-17 21:45 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-17 21:45 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-17 21:45 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-17 21:45 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-17 21:45 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-17 21:45 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-17 21:45 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-17 21:45 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 21:45 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-17 21:45 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-17 21:45 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-17 21:45 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-17 21:45 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-17 21:45 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-17 21:45 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-17 21:45 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-17 21:45 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-17 21:45 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-17 21:45 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-17 21:45 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-17 21:45 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-17 21:45 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-17 21:45 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-17 21:44 - 2014-05-31 08:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-17 21:43 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-17 21:35 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-08-17 21:35 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-08-17 21:35 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-08-17 21:35 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-08-17 21:35 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-17 21:35 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-17 21:35 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-17 21:35 - 2014-06-05 16:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-08-17 21:35 - 2014-06-05 15:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-08-17 21:35 - 2014-06-02 04:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-08-17 21:35 - 2014-05-31 12:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-08-17 21:35 - 2014-05-31 12:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2014-08-17 21:35 - 2014-05-31 12:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2014-08-17 21:35 - 2014-05-31 08:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2014-08-17 21:35 - 2014-05-31 08:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
2014-08-17 21:35 - 2014-05-31 08:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
2014-08-17 21:35 - 2014-05-31 06:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
2014-08-17 21:35 - 2014-05-31 06:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2014-08-17 21:35 - 2014-05-31 06:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
2014-08-17 21:35 - 2014-05-27 17:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-08-17 21:35 - 2014-05-27 11:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
2014-08-17 21:35 - 2014-05-27 11:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
2014-08-17 21:35 - 2014-05-17 06:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-08-17 21:35 - 2014-05-17 06:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-08-17 21:35 - 2014-05-13 09:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-08-17 21:35 - 2014-05-13 07:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-08-17 21:35 - 2014-05-13 06:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-08-17 21:35 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-17 21:35 - 2014-05-13 05:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-08-17 21:35 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-17 21:35 - 2014-05-03 13:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-08-17 21:35 - 2014-05-03 11:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-08-17 21:35 - 2014-05-03 07:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-08-17 21:35 - 2014-05-03 07:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-08-17 21:35 - 2014-05-03 07:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-08-17 21:35 - 2014-05-03 07:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-08-17 21:35 - 2014-05-03 06:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-08-17 21:35 - 2014-05-03 06:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-08-17 21:35 - 2014-05-03 06:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-08-17 21:35 - 2014-05-03 01:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
2014-08-17 21:35 - 2014-05-01 07:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-08-17 21:35 - 2014-04-30 08:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2014-08-17 21:35 - 2014-04-30 08:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2014-08-17 21:35 - 2014-04-30 07:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2014-08-17 21:35 - 2014-04-30 06:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2014-08-17 21:35 - 2014-04-30 06:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2014-08-17 21:35 - 2014-04-30 06:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2014-08-17 21:35 - 2014-04-30 06:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-08-17 21:35 - 2014-04-30 05:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-08-17 21:35 - 2014-04-30 05:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2014-08-17 21:35 - 2014-04-30 05:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2014-08-17 21:35 - 2014-04-30 05:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2014-08-17 21:35 - 2014-04-30 05:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2014-08-17 21:35 - 2014-04-30 05:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2014-08-17 21:35 - 2014-04-29 00:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2014-08-17 21:35 - 2014-04-27 00:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-08-17 21:35 - 2014-04-26 22:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-08-17 21:35 - 2014-04-26 18:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2014-08-17 21:35 - 2014-04-14 11:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-08-17 21:35 - 2014-04-14 10:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-08-17 21:35 - 2014-04-14 07:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-08-17 21:35 - 2014-04-09 08:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-08-17 21:35 - 2014-04-09 07:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-08-17 21:34 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-17 21:34 - 2014-08-07 00:39 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-17 21:34 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-17 21:34 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-17 21:34 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-08-17 21:34 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-08-17 21:34 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-08-17 21:34 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-08-17 21:34 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-08-17 21:34 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-08-17 21:34 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-08-14 18:56 - 2014-08-25 23:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-14 18:56 - 2014-08-25 15:05 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 18:55 - 2014-08-25 22:44 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader
2014-08-14 18:11 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss
2014-08-12 17:55 - 2014-08-26 13:43 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 17:55 - 2014-08-26 13:40 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 17:55 - 2014-08-26 01:00 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-08-11 13:58 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner
2014-08-11 00:19 - 2014-08-11 00:23 - 00000000 ____D () C:\Program Files (x86)\The Cleaner
2014-08-10 23:08 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-09 16:21 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo
2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6
2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
2014-07-29 11:34 - 2014-07-31 13:12 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
2014-07-27 13:26 - 2014-07-27 18:29 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone
2014-07-27 13:24 - 2014-08-12 17:49 - 00000000 ____D () C:\Program Files (x86)\LightZone
 
FSRT Part 2:
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 13:49 - 2014-08-24 16:36 - 00017073 _____ () C:\Users\XXXXX\Desktop\FRST.txt
2014-08-26 13:48 - 2014-08-19 17:16 - 00000000 ____D () C:\FRST
2014-08-26 13:47 - 2014-08-26 13:47 - 00000764 _____ () C:\Users\XXXXX\Desktop\JRT.txt
2014-08-26 13:46 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-26 13:46 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-26 13:46 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-26 13:45 - 2014-07-19 19:23 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
2014-08-26 13:43 - 2014-08-12 17:55 - 00002206 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-26 13:41 - 2014-04-11 14:33 - 00000606 _____ () C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job
2014-08-26 13:40 - 2014-08-12 17:55 - 00001140 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 13:38 - 2014-02-12 20:59 - 01058169 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-26 13:38 - 2013-11-14 00:18 - 00059644 _____ () C:\WINDOWS\PFRO.log
2014-08-26 13:38 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-26 13:37 - 2014-08-26 13:40 - 00001216 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[S1].txt
2014-08-26 13:37 - 2014-08-22 19:31 - 00000000 ____D () C:\AdwCleaner
2014-08-26 13:37 - 2014-02-12 16:28 - 17932906 _____ () C:\Users\Public\CAFADEBUG.log
2014-08-26 01:00 - 2014-08-12 17:55 - 00001144 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-25 23:00 - 2014-08-24 16:01 - 00000000 ____D () C:\Users\XXXXX\Desktop\mbar
2014-08-25 23:00 - 2014-08-14 18:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-25 22:44 - 2014-08-14 18:55 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-25 22:29 - 2014-08-25 22:29 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-08-25 22:29 - 2014-08-25 22:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-25 22:28 - 2014-08-25 22:28 - 04851288 _____ () C:\Users\XXXXX\Desktop\RogueKiller.exe
2014-08-25 15:35 - 2014-02-12 22:32 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3025749280-237415010-592600764-1002
2014-08-25 15:19 - 2014-08-25 15:11 - 00035256 _____ () C:\zoek-results.log
2014-08-25 15:10 - 2014-08-25 15:10 - 00000000 ____D () C:\zoek_backup
2014-08-25 15:08 - 2014-08-25 15:08 - 01288704 _____ () C:\Users\XXXXX\Desktop\zoek.exe
2014-08-25 15:05 - 2014-08-14 18:56 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 15:02 - 2014-08-25 15:02 - 00001057 _____ () C:\Users\XXXXX\Desktop\mbam250814.txt
2014-08-25 14:34 - 2014-08-18 19:39 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-08-25 14:33 - 2014-08-25 14:33 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-08-25 14:33 - 2014-08-25 14:33 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-08-25 14:33 - 2014-08-18 19:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-25 14:14 - 2014-08-25 14:14 - 00051354 _____ () C:\Users\XXXXX\Desktop\MbrScan.log
2014-08-25 14:14 - 2014-08-25 14:14 - 00000512 _____ () C:\Users\XXXXX\Desktop\Dump_Hdd1_DR3.mbr
2014-08-25 14:14 - 2014-08-25 14:14 - 00000512 _____ () C:\Users\XXXXX\Desktop\Dump_Hdd0_DR0.mbr
2014-08-25 14:08 - 2014-08-25 14:13 - 00147456 _____ (Eric_71) C:\Users\XXXXX\Desktop\MbrScan.exe
2014-08-24 16:37 - 2014-08-24 16:37 - 00036053 _____ () C:\Users\XXXXX\Desktop\Addition.txt
2014-08-24 16:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-24 16:25 - 2014-08-24 16:25 - 00000362 _____ () C:\Users\XXXXX\Desktop\defogger_enable.log
2014-08-24 16:25 - 2014-02-12 21:04 - 00000000 ____D () C:\Users\XXXXX
2014-08-24 16:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-24 16:10 - 2014-08-24 16:18 - 00688992 _____ (Swearware) C:\dds.scr
2014-08-24 16:01 - 2014-08-24 16:01 - 14349744 _____ (Malwarebytes Corp.) C:\Users\XXXXX\Desktop\mbar-1.07.0.1012.exe
2014-08-24 14:28 - 2014-08-24 14:28 - 00000570 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.24_14.28.17.txt
2014-08-24 14:22 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-08-24 13:57 - 2014-08-24 13:50 - 00001047 _____ () C:\Users\XXXXX\Desktop\mbam240814.txt
2014-08-24 13:55 - 2014-08-24 13:56 - 00688992 _____ (Swearware) C:\Users\XXXXX\Desktop\dds.com
2014-08-24 13:05 - 2014-08-24 13:05 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-08-24 12:42 - 2014-05-15 12:42 - 00007606 _____ () C:\Users\XXXXX\AppData\Local\Resmon.ResmonCfg
2014-08-24 12:39 - 2014-01-15 01:03 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-08-24 12:39 - 2013-08-22 16:46 - 00346209 _____ () C:\WINDOWS\setupact.log
2014-08-24 12:39 - 2013-08-22 16:46 - 00000618 _____ () C:\WINDOWS\setuperr.log
2014-08-24 12:27 - 2014-02-12 19:31 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\Skype
2014-08-24 12:07 - 2014-08-24 12:07 - 00000229 _____ () C:\Users\XXXXX\mbr.log
2014-08-23 23:02 - 2014-08-19 17:17 - 00036803 _____ () C:\Users\XXXXX\Desktop\Addition 230814.txt
2014-08-23 23:02 - 2014-08-19 17:16 - 00065330 _____ () C:\Users\XXXXX\Desktop\FRST 230814.txt
2014-08-23 22:58 - 2014-08-23 22:58 - 00000000 ____D () C:\Users\XXXXX\Desktop\FRST-OlderVersion
2014-08-23 22:58 - 2014-08-19 17:14 - 02103296 _____ (Farbar) C:\Users\XXXXX\Desktop\FRST64.exe
2014-08-23 20:25 - 2014-01-15 01:25 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Lenovo
2014-08-23 19:02 - 2014-08-17 21:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-23 17:50 - 2014-08-23 18:00 - 02347384 _____ (ESET) C:\Users\XXXXX\Desktop\esetsmartinstaller_deu.exe
2014-08-23 17:46 - 2014-08-23 17:46 - 00001168 _____ () C:\Users\XXXXX\Desktop\mbam2.txt
2014-08-23 11:33 - 2014-08-22 19:22 - 00001141 _____ () C:\Users\XXXXX\Desktop\mbam.txt
2014-08-22 19:48 - 2014-08-22 19:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-22 19:41 - 2013-08-22 16:44 - 05039384 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-22 19:40 - 2014-08-22 19:44 - 00001163 _____ () C:\Users\XXXXX\Desktop\AdwCleaner[S0].txt
2014-08-22 19:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-22 19:34 - 2014-08-22 19:47 - 01016261 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT_6.1.4.exe
2014-08-22 19:29 - 2014-08-22 19:29 - 01364531 _____ () C:\Users\XXXXX\Desktop\adwcleaner_3.308.exe
2014-08-22 19:05 - 2014-08-22 19:05 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-22 19:05 - 2014-08-22 19:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-22 19:01 - 2014-08-22 19:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\XXXXX\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-22 15:30 - 2014-04-08 12:57 - 00000000 ____D () C:\Users\XXXXX\Documents\MATLAB
2014-08-21 20:25 - 2014-01-15 01:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-21 20:06 - 2013-08-22 13:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2014-08-21 20:06 - 2013-08-22 13:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2014-08-21 20:06 - 2013-08-22 13:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2014-08-21 20:06 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2014-08-21 20:06 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2014-08-21 20:06 - 2013-08-22 06:05 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2014-08-21 20:06 - 2013-08-22 06:03 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2014-08-21 20:06 - 2013-08-22 05:59 - 00214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2014-08-21 20:06 - 2013-08-22 05:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2014-08-21 20:06 - 2013-08-22 05:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2014-08-21 20:06 - 2013-08-22 05:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2014-08-21 20:06 - 2013-08-22 05:51 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2014-08-21 20:06 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2014-08-21 20:06 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2014-08-21 20:06 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-21 18:20 - 2014-08-21 17:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-21 18:13 - 2014-02-12 16:50 - 00000000 ____D () C:\ProgramData\Sophos
2014-08-21 18:13 - 2014-02-12 16:50 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-08-21 18:11 - 2014-04-07 18:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-21 18:10 - 2014-06-11 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-21 18:10 - 2013-11-14 09:13 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-08-21 18:05 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-21 18:05 - 2013-08-22 15:25 - 00000076 _____ () C:\WINDOWS\win.ini
2014-08-21 17:25 - 2014-02-17 00:01 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\DAEMON Tools Lite
2014-08-21 17:18 - 2014-08-21 17:18 - 00002790 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-08-21 17:18 - 2014-08-21 17:18 - 00000845 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-21 17:18 - 2014-08-21 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-19 21:01 - 2014-08-19 21:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Desktop\tdsskiller.exe
2014-08-19 17:31 - 2014-08-19 17:31 - 00349048 _____ () C:\WINDOWS\Minidump\081914-14921-01.dmp
2014-08-19 17:31 - 2014-02-20 14:26 - 00000000 ____D () C:\WINDOWS\Minidump
2014-08-19 17:31 - 2014-02-20 14:25 - 557322577 _____ () C:\WINDOWS\MEMORY.DMP
2014-08-19 17:24 - 2014-08-19 17:24 - 00007887 _____ () C:\Users\XXXXX\Desktop\gmerlog190814.log
2014-08-19 17:15 - 2014-08-19 17:15 - 00000560 _____ () C:\Users\XXXXX\Desktop\defogger_disable.log
2014-08-19 17:13 - 2014-08-19 17:13 - 00050477 _____ () C:\Users\XXXXX\Desktop\Defogger.exe
2014-08-19 16:13 - 2014-08-19 16:09 - 00000768 _____ () C:\Users\XXXXX\Desktop\MBRMastr_2014.08.19_16.09.54.txt
2014-08-19 16:10 - 2014-08-19 16:10 - 00000146 _____ () C:\Users\XXXXX\Desktop\emsi.zip
2014-08-19 16:09 - 2014-08-19 16:09 - 00000512 _____ () C:\Users\XXXXX\Desktop\emsi.mbr
2014-08-19 16:06 - 2014-08-19 16:08 - 00788728 _____ (Emsisoft GmbH) C:\Users\XXXXX\Desktop\mbrmastr.exe
2014-08-19 14:28 - 2014-08-19 14:28 - 00000512 _____ () C:\Users\XXXXX\Desktop\MBR.dat
2014-08-19 02:23 - 2014-02-17 00:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-19 02:22 - 2014-02-17 00:29 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-18 19:50 - 2014-08-18 19:50 - 00372352 _____ () C:\WINDOWS\Minidump\081814-31546-01.dmp
2014-08-18 19:38 - 2014-08-18 19:37 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\abc123.exe
2014-08-18 19:00 - 2014-01-15 01:25 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-18 18:48 - 2014-01-15 01:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-08-18 18:44 - 2014-05-18 11:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-08-18 16:01 - 2014-08-18 16:01 - 00380416 _____ () C:\Users\XXXXX\Desktop\7kdbwp1l.exe
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-18 10:50 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-18 10:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-18 10:38 - 2014-08-18 10:38 - 02478784 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\procexp.exe
2014-08-18 10:32 - 2014-08-18 10:32 - 00592568 _____ (Sysinternals - www.sysinternals.com) C:\Users\XXXXX\Downloads\autoruns.exe
2014-08-18 10:29 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-17 21:53 - 2014-08-17 21:53 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 18814224 _____ (SUPERAntiSpyware) C:\Users\XXXXX\Downloads\SUPERAntiSpywarePro.exe
2014-08-17 21:52 - 2014-08-17 21:52 - 00001831 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-17 21:52 - 2014-08-17 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-15 17:04 - 2014-04-03 23:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\BA
2014-08-15 16:03 - 2014-03-15 03:21 - 00000000 ____D () C:\ldiag
2014-08-14 21:03 - 2014-05-14 13:39 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-08-14 20:59 - 2014-06-11 23:21 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-08-14 20:57 - 2014-06-28 11:45 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-08-14 20:57 - 2014-06-14 17:31 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-08-14 20:57 - 2014-05-14 14:13 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-08-14 20:57 - 2014-05-14 14:01 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-08-14 20:57 - 2014-05-14 14:00 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-08-14 20:57 - 2014-05-14 13:39 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-08-14 20:57 - 2014-05-14 13:38 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-08-14 20:57 - 2014-05-14 13:38 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-08-14 20:19 - 2014-02-12 16:56 - 00000000 _____ () C:\WINDOWS\system32\vireng.log
2014-08-14 18:56 - 2014-08-10 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-14 18:45 - 2014-01-15 01:24 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-08-14 18:26 - 2014-08-14 18:26 - 00000342 _____ () C:\WINDOWS\system32\.crusader
2014-08-14 18:20 - 2014-08-14 18:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-14 17:35 - 2014-08-14 17:35 - 00000000 ____D () C:\WINDOWS\pss
2014-08-12 17:55 - 2014-08-12 17:55 - 00004116 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-12 17:55 - 2014-08-12 17:55 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-12 17:55 - 2014-08-12 17:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Deployment
2014-08-12 17:54 - 2014-08-12 17:54 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Apps\2.0
2014-08-12 17:54 - 2014-08-11 13:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Google
2014-08-12 17:49 - 2014-08-09 16:21 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2014-08-12 17:49 - 2014-07-27 13:24 - 00000000 ____D () C:\Program Files (x86)\LightZone
2014-08-12 17:49 - 2014-02-17 00:00 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-08-12 17:49 - 2014-02-14 23:14 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\vlc
2014-08-12 17:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-08-12 17:42 - 2014-02-12 22:03 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Packages
2014-08-12 11:46 - 2014-06-04 21:23 - 00000000 ____D () C:\Users\XXXXX\Desktop\From Nitesh
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieUserList
2014-08-11 11:47 - 2014-08-11 11:47 - 00000000 __SHD () C:\Users\XXXXX\AppData\Local\EmieSiteList
2014-08-11 00:23 - 2014-08-11 00:19 - 00000000 ____D () C:\Program Files (x86)\The Cleaner
2014-08-11 00:20 - 2014-08-11 00:20 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\thecleaner
2014-08-09 16:21 - 2014-08-09 16:21 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2014-08-08 23:25 - 2014-08-08 23:25 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Lenovo
2014-08-08 18:34 - 2014-08-08 18:34 - 00000000 ____D () C:\Users\XXXXX\AppData\Local\Eraser 6
2014-08-08 14:33 - 2014-05-04 22:28 - 00000000 ____D () C:\Users\XXXXX\Desktop\Praktikum
2014-08-08 14:31 - 2014-08-08 14:31 - 00000000 ____D () C:\Program Files\Eraser
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-07 10:58 - 2014-08-07 10:58 - 00000000 ____D () C:\Users\XXXXX\AppData\Roaming\chc
2014-08-07 04:12 - 2014-08-17 21:34 - 01336624 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-08-07 00:39 - 2014-08-17 21:34 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-02 05:56 - 2014-08-17 21:34 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-08-02 05:11 - 2014-08-18 17:02 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-08-02 02:17 - 2014-05-15 14:04 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:17 - 2014-05-15 14:04 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-31 13:12 - 2014-07-29 11:34 - 00000000 ____D () C:\Users\XXXXX\Desktop\AEF Unterlagen
2014-07-27 18:29 - 2014-07-27 13:26 - 00000000 ____D () C:\Users\XXXXX\Desktop\DSLR Photos
2014-07-27 13:25 - 2014-07-27 13:25 - 00000000 ____D () C:\Users\XXXXX\Documents\LightZone

Some content of TEMP:
====================
C:\Users\XXXXX\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-23 14:34

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2014
Ran by XXXXX at 2014-08-26 13:49:45
Running from C:\Users\XXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Disabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Disabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Benutzerhandbuch (x32 Version: 1.0.0.17 - Lenovo) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.64.52.0 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Efficient Elements for presentations 1.5.0.431 (HKCU\...\ee4p_is1) (Version: 1.5.0.431 - Efficient Elements GmbH)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.29.00 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10227 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{F02F4A8B-1A5F-45B8-9B74-AAF21A2B1BCC}) (Version: 2.1.002.00 - Lenovo Group Limited)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MATLAB R2013a (32-bit) (HKLM-x32\...\Matlab R2013a) (Version: 8.1 - The MathWorks, Inc.)
MATLAB R2014a (32-bit) (HKLM-x32\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.15 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.9200.39036 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

21-08-2014 16:04:13 Removed Microsoft Office Professional Plus 2013
21-08-2014 16:04:43 PROPLUSR
25-08-2014 13:11:40 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {10239A31-61B5-4237-8467-FE36EC996E04} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2EDAD50C-E782-40EF-A5FD-49FB0B7D6724} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {3405A720-3FCF-4466-B9D9-9D866952ED7C} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4BE91F91-5C77-4151-92E2-F4D576785DB3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-19] (Microsoft Corporation)
Task: {55448157-F34C-4E2D-A93C-5EC76CD052D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6C5D2488-6AE3-4C39-A89E-C19DCD1891D5} - System32\Tasks\Lenovo\Experience Improvement Logon => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7D13615A-D8D2-49CF-B094-E717E1E76039} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {856CBA86-7346-4CF9-BDFF-AF610CDEDAC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {95825273-3D43-4EC1-B3D9-1E35B26A00FD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9C23D5C6-C469-4033-90ED-A585755D082B} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C3ACD707-68BB-4597-BCB7-42ACCC5FB312} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {C694FABD-EAE9-45AB-AF13-50584A5F63C5} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-05-15] (Lenovo)
Task: {C902A460-3762-45EF-834B-64745252B39A} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-08-18] ()
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD4BDB85-FDD2-483F-910C-1704F0522E15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-12] (Google Inc.)
Task: {E24749DE-C6CB-497C-97C2-C5B3336EBD54} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-15] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F3FEA1A3-DB76-4659-9C62-FF67DD25AF0F} - System32\Tasks\MATLAB R2014a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {F509777B-AA43-46E7-8619-B6D7389B4162} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {F65FEAD4-514C-4435-A8AE-1A32452F353F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-15] (Lenovo)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2013a\bin\win32\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe

==================== Loaded Modules (whitelisted) =============

2013-12-26 20:42 - 2014-05-20 04:44 - 00014280 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-12 20:59 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-01-15 01:01 - 2012-11-06 07:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\07330653.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\07330653.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: ZAtheros Bt and Wlan Coex Agent => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-08-24 12:07:42.578
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\XXXXX\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-24 12:07:42.484
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\XXXXX\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-24 12:06:13.476
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Users\XXXXX\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 39%
Total physical RAM: 3993.77 MB
Available physical RAM: 2429.43 MB
Total Pagefile: 12185.77 MB
Available Pagefile: 10826.73 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:891.73 GB) (Free:811.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:13.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A7EB26D3)

Partition: GPT Partition Type.

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    1.3 KB · Views: 0
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

P
  • Locked
Inactive Laptop shutting down before scan complete (logs inside)
Replies
2
Views
2K
Broni
Broni
N
Solved The specified service does not exist as an installed service
2
Replies
43
Views
13K
Broni
Broni
A
Solved My computer was hit by unknown malware
2
Replies
30
Views
11K
Broni
Broni

Latest posts

Back