My log file for ComboFix


29 replies to this topic

#1 wulfrudigerhes

wulfrudigerhes

  • Members
  • 20 posts

Posted 14 March 2014 - 08:25 PM

I am referring to this topic:

http://www.bleepingcomputer.com/forums/t/527541/programs-delay-act-independently-crash-and-now-whole-computer-freezes/

 

I don't have the original log saved, so I made a new one. After the program executed, I was unable to reach this site (other sites I could, but not this one for some time).

Also, I notice that Firefox is missing some functions now. The download box is gone, as well as my "paste" property in mouse click.

 

EDIT:

I added the symptoms here to help you diagnose what is wrong.

-Constant delays in programs (crashes, unresponsive, long delays, weird behaviour), games (minimize, fps drops and freezes), net (packet loss, can't find website randomly, slow dl)

-Memory usage jumps sometimes causing long delays, complete freezes, graphic errors and monitor switching on / off

-Weird random cursor icons appearing

-Also switching off USB ports sometimes (headsets, keyboard, mouse)

What I ran previously:

-Memory Diagnostics

-Benchmark

-CPU Monitor tools

-Hard disk monitor tools

-Driver updates

All seem ok in hardware.

For software (run separately, and in logical order)

-Mwbytes Antimalware

-Spybot S&D

-Avast!

-Avira

-OTL

-RogueKiller and Rkiller

-Combofix

-SecurityCheck

-MWbytes extra tools (rootkit  & exploit)

-Online scanners (eset, bitdefender, f-secure)

 

Problems persist.

 

I would suspect I am under attack by something or someone, since the symptoms are not constant, but rather come randomly.

Furthermore, I will find new instances of malware even though I don't visit untrusted websites.

Edited by wulfrudigerhes, 15 March 2014 - 09:44 AM.



#2 wulfrudigerhes


Posted 14 March 2014 - 08:42 PM

Attached File  ComboFix.txt   31.87KB   2 downloads



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 March 2014 - 07:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

Let me know what problem persists.

#4 wulfrudigerhes


Posted 21 March 2014 - 08:44 PM

Hello, and thanks for helping me out! :)

I'll paste these in parts, since my PC will freeze at certain times; first, the adaware log.

I notice that the malfunction happens at certain times ONLY... for instance, at midnight I could use programs freely, but in the evening the PC could totally flip.

I notice SVCHost takes up a lot of memory, and when it does the problems occur.

The new firewall tells me that SVCHost randomly asks for internet access from a weird address.

Also, RogueKiller constantly terminates my Mobile Partner update executable OUC.exe.

I thought it's a false positive, but is it?

 

 

 

# AdwCleaner v3.022 - Report created 22/03/2014 at 02:52:27
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : DMG - BAZZA
# Running from : C:\Users\DMG\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\uniblue
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\DMG\AppData\Roaming\searchgol
Folder Deleted : C:\Users\DMG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKCU\Software\5268fd1e13cba42
Key Deleted : HKLM\SOFTWARE\5268fd1e13cba42
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{88AF4F6A-C6B7-4229-9275-824E98BF97F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C5CBB76-7379-4490-AA5B-B037C0A36381}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (fi)

[ File : C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\prefs.js ]

Line Deleted : user_pref("CT1750559.FF19Solved", "true");
Line Deleted : user_pref("CT1750559.UserID", "UN14489882182693029");
Line Deleted : user_pref("CT1750559.fullUserID", "UN14489882182693029.IN.20131015121732");
Line Deleted : user_pref("CT1750559.installDate", "15/10/2013 12:17:33");
Line Deleted : user_pref("CT1750559.installSessionId", "72c38d5d-fad7-4819-a183-62ad7b08c3ba");
Line Deleted : user_pref("CT1750559.installSp", "false");
Line Deleted : user_pref("CT1750559.installUsage", "13/03/2014 16:10:56");
Line Deleted : user_pref("CT1750559.installUsageEarly", "13/03/2014 16:10:56");
Line Deleted : user_pref("CT1750559.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT1750559.keyword", "true");
Line Deleted : user_pref("CT1750559.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT1750559.searchRevert", "false");
Line Deleted : user_pref("CT1750559.searchUninstallUserMode", "1");
Line Deleted : user_pref("CT1750559.searchUserMode", "1");
Line Deleted : user_pref("CT1750559.versionFromInstaller", "10.23.0.722");
Line Deleted : user_pref("CT1750559.xpeMode", "1");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("extensions.helperbar.BackPageActive", true);
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
Line Deleted : user_pref("extensions.helperbar.backPageCounter", 0);
Line Deleted : user_pref("extensions.helperbar.backPageDay", 14);
Line Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1394624526440");
Line Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
Line Deleted : user_pref("extensions.helperbar.barcodeid", "126634");
Line Deleted : user_pref("extensions.helperbar.countryiso", "fi");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "somotoch");
Line Deleted : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/www.superfish.com\\\\\\/ws\\\\\\/[...]
Line Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
Line Deleted : user_pref("extensions.helperbar.installationid", "ffd5db82-9993-1a7c-2514-d2496518272c");
Line Deleted : user_pref("extensions.helperbar.installdate", "14/03/2014");
Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1394797326");
Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1394797332150");
Line Deleted : user_pref("extensions.helperbar.publisher", "somoto");
Line Deleted : user_pref("extensions.searchgol.admin", false);
Line Deleted : user_pref("extensions.searchgol.aflt", "babsst");
Line Deleted : user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}");
Line Deleted : user_pref("extensions.searchgol.autoRvrt", "false");
Line Deleted : user_pref("extensions.searchgol.dfltLng", "en");
Line Deleted : user_pref("extensions.searchgol.excTlbr", false);
Line Deleted : user_pref("extensions.searchgol.ffxUnstlRst", false);
Line Deleted : user_pref("extensions.searchgol.id", "90a8e0f3000000000000e069952ebe14");
Line Deleted : user_pref("extensions.searchgol.instlDay", "15989");
Line Deleted : user_pref("extensions.searchgol.instlRef", "sst");
Line Deleted : user_pref("extensions.searchgol.newTab", false);
Line Deleted : user_pref("extensions.searchgol.prdct", "searchgol");
Line Deleted : user_pref("extensions.searchgol.prtnrId", "searchgol");
Line Deleted : user_pref("extensions.searchgol.rvrt", "false");
Line Deleted : user_pref("extensions.searchgol.smplGrp", "none");
Line Deleted : user_pref("extensions.searchgol.tlbrId", "base");
Line Deleted : user_pref("extensions.searchgol.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.searchgol.vrsn", "1.8.16.19");
Line Deleted : user_pref("extensions.searchgol.vrsnTs", "1.8.16.1914:16:56");
Line Deleted : user_pref("extensions.searchgol.vrsni", "1.8.16.19");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT1750559");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&CUI=UN14489882182693029&UM=1&q=");
Line Deleted : user_pref("smartbar.machineId", "EFOIKU+QV8C3XVU4BMCTROKELET3O5K1LOEJLES5FR/XSFOD/4Q1XD/DGMZXTZONCB8OOGWM8WQXTWXSFMFKRA");

[ File : C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\wcwxluwx.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [26425 octets] - [04/10/2013 16:37:02]
AdwCleaner[R1].txt - [1070 octets] - [04/10/2013 19:53:41]
AdwCleaner[R2].txt - [8904 octets] - [22/03/2014 02:52:00]
AdwCleaner[S0].txt - [26700 octets] - [04/10/2013 16:38:33]
AdwCleaner[S1].txt - [1093 octets] - [04/10/2013 19:54:14]
AdwCleaner[S2].txt - [8828 octets] - [22/03/2014 02:52:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [8888 octets] ##########
 



#5 wulfrudigerhes


Posted 21 March 2014 - 09:21 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by DMG on la 22.03.2014 at  3:57:03,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\DMG\AppData\Roaming\getrighttogo"
Successfully deleted: [Empty Folder] C:\Users\DMG\appdata\local\{92F6693B-8E32-474B-AFD7-B539C6E21399}



~~~ FireFox

Emptied folder: C:\Users\DMG\AppData\Roaming\mozilla\firefox\profiles\5c58k92q.default\minidumps [46 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on la 22.03.2014 at  4:01:15,10
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#6 wulfrudigerhes


Posted 21 March 2014 - 09:28 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by DMG (administrator) on BAZZA on 22-03-2014 04:23:16
Running from C:\Users\DMG\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: 040B
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(COMODO) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(COMODO) C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-13] (AVAST Software)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [COMODO] - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [213304 2011-05-26] (COMODO)
HKLM-x32\...\Run: [CPA] - C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [184120 2011-05-26] (COMODO)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-413630479-2637550238-690006299-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-413630479-2637550238-690006299-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-413630479-2637550238-690006299-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\system32\guard64.dll => C:\Windows\system32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fi.yahoo.com?fr=fp-comodo
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x59EC376D0954CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fi
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://fi.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: avast! EasyPass Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: avast! EasyPass Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID -kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll No File
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{598AD115-B153-4C4E-9669-D251020FEE90}: [NameServer]195.197.54.100 195.74.0.47
Tcpip\..\Interfaces\{8EFE8771-52D9-4A2C-8D1D-2C7E14529468}: [NameServer]195.197.54.100 195.74.0.47

FireFox:
========
FF ProfilePath: C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?rls=org.mozilla:en-US:official&client=firefox-a&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\DMG\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\DMG\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bookplus-fi.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-fi.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-fi.xml
FF Extension: HTTPS-Everywhere - C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\https-everywhere@eff.org [2014-03-14]
FF Extension: DownloadHelper - C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-10-21]
FF Extension: Bitdefender QuickScan - C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-03-14]
FF Extension: Ghostery - C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\firefox@ghostery.com.xpi [2014-03-14]
FF Extension: TrackMeNot - C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2014-03-14]
FF Extension: NoScript - C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-14]
FF Extension: Adblock Plus - C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-14]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-13]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-13] (AVAST Software)
R2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [161080 2011-05-26] (COMODO)
R2 cmdagent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 Mobile Partner. RunOuc; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [655712 2014-03-16] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 i2p; "C:\Program Files (x86)\i2p\I2Psvc.exe" -s "C:\Program Files (x86)\i2p\wrapper.config"

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-13] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-13] ()
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
S3 cpuz134; C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [21480 2010-07-09] (Windows ® Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-14] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()
R1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30592 2012-05-10] (REALiX™)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7168 2006-12-26] (Chic)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\DMG\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 04:23 - 2014-03-22 04:23 - 00018481 _____ () C:\Users\DMG\Downloads\FRST.txt
2014-03-22 04:21 - 2014-03-22 04:21 - 02157056 _____ (Farbar) C:\Users\DMG\Downloads\FRST64.exe
2014-03-22 04:01 - 2014-03-22 04:01 - 00000966 _____ () C:\Users\DMG\Desktop\JRT.txt
2014-03-22 03:44 - 2014-03-22 03:44 - 01037734 _____ (Thisisu) C:\Users\DMG\Desktop\JRT.exe
2014-03-22 02:50 - 2014-03-22 02:50 - 00000000 _____ () C:\Users\DMG\Downloads\Uusi tekstiasiakirja.txt
2014-03-22 02:38 - 2014-03-22 02:38 - 01950720 _____ () C:\Users\DMG\Downloads\adwcleaner.exe
2014-03-21 14:03 - 2014-03-21 14:04 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\vlc
2014-03-21 13:32 - 2014-03-21 14:52 - 00000000 ____D () C:\Users\DMG\Desktop\gammaray
2014-03-21 13:07 - 2014-03-21 13:53 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2014-03-21 13:07 - 2014-03-21 13:50 - 00000000 ____D () C:\ProgramData\iSkysoft Free Video Downloader
2014-03-21 13:07 - 2014-03-21 13:07 - 00000000 ____D () C:\Users\DMG\AppData\Local\iSkysoft
2014-03-21 13:07 - 2014-03-21 13:07 - 00000000 ____D () C:\ProgramData\iSkysoft Application Common Data
2014-03-21 13:07 - 2014-03-21 13:07 - 00000000 ____D () C:\Program Files\Common Files\iSkysoft
2014-03-18 15:22 - 2014-03-18 15:22 - 00000000 ____D () C:\ProgramData\Real
2014-03-18 15:17 - 2014-03-18 15:19 - 00000000 ____D () C:\Users\DMG\Desktop\automusiik
2014-03-17 22:49 - 2014-03-17 22:49 - 00002025 _____ () C:\Users\DMG\Desktop\aswMBR.txt
2014-03-17 22:49 - 2014-03-17 22:49 - 00000512 _____ () C:\Users\DMG\Desktop\MBR.dat
2014-03-17 22:37 - 2014-03-17 22:37 - 04745728 _____ (AVAST Software) C:\Users\DMG\Desktop\aswMBR.exe
2014-03-17 22:33 - 2014-03-17 22:34 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\DMG\Desktop\tdsskiller.exe
2014-03-17 21:49 - 2012-11-08 01:37 - 00041240 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2014-03-16 00:59 - 2014-03-16 00:59 - 00000000 ____D () C:\Users\Public\Documents\COMODO
2014-03-16 00:58 - 2014-03-16 00:58 - 00001039 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk
2014-03-16 00:56 - 2014-03-16 00:55 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00421888 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00223744 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00098304 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00087040 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00072192 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2014-03-16 00:56 - 2014-03-16 00:55 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-03-16 00:49 - 2014-03-16 00:58 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-03-16 00:45 - 2014-03-16 00:45 - 00001846 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-03-16 00:43 - 2014-03-16 00:45 - 00000000 ____D () C:\ProgramData\Comodo
2014-03-16 00:43 - 2014-03-16 00:45 - 00000000 ____D () C:\Program Files\COMODO
2014-03-16 00:43 - 2014-03-16 00:43 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-03-16 00:43 - 2014-03-16 00:43 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-03-16 00:43 - 2014-03-16 00:43 - 00001045 _____ () C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
2014-03-16 00:40 - 2014-03-16 00:40 - 00001471 _____ () C:\Users\DMG\Desktop\RKreport[0]_H_03162014_004000.txt
2014-03-16 00:40 - 2014-03-16 00:40 - 00001251 _____ () C:\Users\DMG\Desktop\RKreport[0]_DN_03162014_004005.txt
2014-03-16 00:40 - 2014-03-16 00:40 - 00000894 _____ () C:\Users\DMG\Desktop\RKreport[0]_PR_03162014_004004.txt
2014-03-16 00:39 - 2014-03-16 00:39 - 00002289 _____ () C:\Users\DMG\Desktop\RKreport[0]_D_03162014_003949.txt
2014-03-16 00:38 - 2014-03-16 00:38 - 00002590 _____ () C:\Users\DMG\Desktop\RKreport[0]_S_03162014_003833.txt
2014-03-16 00:20 - 2014-03-22 03:54 - 00005130 _____ () C:\Windows\setupact.log
2014-03-16 00:20 - 2014-03-16 00:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-16 00:19 - 2014-03-17 22:53 - 00195216 _____ () C:\Windows\PFRO.log
2014-03-15 16:53 - 2014-03-15 16:53 - 00003672 _____ () C:\Users\DMG\Desktop\Rkill.txt
2014-03-15 10:36 - 2014-03-21 14:10 - 00000000 ____D () C:\Users\DMG\AppData\Local\CrashDumps
2014-03-15 07:33 - 2014-03-15 07:33 - 06220854 _____ () C:\Users\DMG\Desktop\Uusi bittikarttakuva.bmp
2014-03-15 04:18 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-03-15 04:18 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-03-15 04:18 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-03-15 03:21 - 2014-03-15 03:21 - 00032638 _____ () C:\ComboFix.txt
2014-03-14 21:48 - 2014-03-14 21:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-14 21:17 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-14 21:17 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-14 20:46 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-03-14 20:46 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-14 20:46 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-14 20:46 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-03-14 20:46 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-03-14 20:46 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-14 20:46 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-14 20:46 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-03-14 20:46 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-03-14 20:46 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-03-14 20:46 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-03-14 20:46 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-03-14 20:46 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-14 20:46 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-03-14 20:46 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-03-14 20:46 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-03-14 20:45 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-03-14 20:45 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-03-14 20:45 - 2012-08-23 16:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-03-14 20:45 - 2012-08-23 15:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-03-14 20:45 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-03-14 20:45 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-03-14 20:45 - 2012-08-23 11:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-03-14 20:44 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-03-14 20:44 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-03-14 20:30 - 2014-03-14 20:30 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\f-secure
2014-03-14 20:30 - 2014-03-14 20:30 - 00000000 ____D () C:\ProgramData\F-Secure
2014-03-14 16:20 - 2014-03-14 13:07 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140314-162030.backup
2014-03-14 15:37 - 2014-03-14 15:37 - 00000000 ____D () C:\Users\DMG\Documents\ProcAlyzer Dumps
2014-03-14 14:02 - 2014-03-16 00:40 - 00000000 ____D () C:\Users\DMG\Desktop\RK_Quarantine
2014-03-14 13:53 - 2014-03-22 04:23 - 00000000 ____D () C:\FRST
2014-03-14 13:52 - 2014-03-14 16:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-14 13:52 - 2014-03-14 14:08 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-14 13:52 - 2014-03-14 13:52 - 00001339 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-14 13:52 - 2014-03-14 13:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-14 13:52 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-03-14 13:44 - 2014-03-14 13:44 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2014-03-14 13:43 - 2014-03-14 13:43 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-14 13:40 - 2014-03-14 13:40 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-03-14 13:40 - 2014-03-14 13:40 - 00001910 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-03-14 13:40 - 2014-03-14 13:40 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-03-14 13:33 - 2014-03-14 13:33 - 00000000 ____D () C:\Users\DMG\AppData\Local\Secunia PSI
2014-03-14 13:32 - 2014-03-14 13:32 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-03-14 12:55 - 2014-03-15 03:21 - 00000000 ____D () C:\Qoobox
2014-03-14 12:55 - 2014-03-14 13:09 - 00000000 ____D () C:\Windows\erdnt
2014-03-14 12:55 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-14 12:55 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-14 12:55 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-14 12:55 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-14 12:55 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-14 12:55 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-14 12:55 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-14 12:55 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-14 12:53 - 2014-03-14 12:54 - 05190279 ____R (Swearware) C:\Users\DMG\Desktop\ComboFix.exe
2014-03-14 11:48 - 2014-03-14 11:48 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 11:48 - 2014-03-14 11:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 11:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-14 11:45 - 2014-03-14 11:45 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\QuickScan
2014-03-14 11:22 - 2014-03-14 11:22 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\FreeStone Group
2014-03-14 10:56 - 2014-03-14 10:56 - 00002151 _____ () C:\Users\DMG\Desktop\Video Card Stability Test.lnk
2014-03-14 10:56 - 2014-03-14 10:56 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Card Stability Test
2014-03-14 10:56 - 2014-03-14 10:56 - 00000000 ____D () C:\Program Files (x86)\Video Card Stability Test
2014-03-14 09:53 - 2014-03-14 10:11 - 00000000 ____D () C:\Users\DMG\Downloads\Leffat & sarjat
2014-03-14 09:51 - 2014-03-14 09:54 - 00000000 ____D () C:\Users\DMG\Downloads\Pelit
2014-03-14 09:51 - 2014-03-14 09:51 - 00000000 ____D () C:\Users\DMG\Downloads\e-books
2014-03-14 08:42 - 2014-03-14 09:45 - 00000000 ____D () C:\Users\DMG\Desktop\Kaikki musiikki
2014-03-14 08:36 - 2014-03-15 04:08 - 00000000 ____D () C:\Users\DMG\Desktop\paskaa
2014-03-14 08:04 - 2014-03-14 08:04 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-03-14 08:04 - 2014-03-14 08:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-03-14 08:01 - 2014-03-14 08:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-14 07:59 - 2014-03-14 08:12 - 00000000 ____D () C:\Users\DMG\Desktop\mbar
2014-03-13 17:24 - 2014-03-13 17:25 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-03-13 17:24 - 2014-03-13 17:24 - 00001146 _____ () C:\Users\DMG\Desktop\CrystalDiskInfo.lnk
2014-03-13 16:08 - 2014-03-13 16:08 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-13 15:58 - 2014-03-13 15:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-13 15:58 - 2014-03-13 15:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-13 15:58 - 2014-03-13 15:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-13 15:58 - 2014-03-13 15:58 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-13 15:45 - 2014-03-13 15:45 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-13 15:45 - 2014-03-13 15:45 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\AVAST Software
2014-03-13 15:44 - 2014-03-18 12:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-13 15:44 - 2014-03-13 15:44 - 00000000 ____D () C:\Users\DMG\Documents\My Avast EasyPass Data
2014-03-13 15:44 - 2014-03-13 15:44 - 00000000 ____D () C:\ProgramData\RoboForm
2014-03-13 15:43 - 2014-03-13 15:42 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-13 15:43 - 2014-03-13 15:42 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-13 15:43 - 2014-03-13 15:42 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-13 15:43 - 2014-03-13 15:42 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-13 15:43 - 2014-03-13 15:42 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-13 15:43 - 2014-03-13 15:42 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-13 15:43 - 2014-03-13 15:42 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-13 15:42 - 2014-03-13 15:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-11 22:17 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 22:17 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 22:17 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 22:17 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 22:17 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 22:17 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 22:17 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 22:17 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 22:17 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 22:17 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 22:17 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 22:17 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 22:17 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 22:17 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 22:17 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 22:17 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 22:17 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 22:17 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 22:17 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 22:17 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 22:17 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 22:17 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 22:17 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 22:17 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 22:17 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 22:17 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 22:17 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 22:17 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 22:17 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 22:17 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 22:17 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 22:17 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 22:17 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 22:17 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 22:17 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 22:17 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 22:17 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 22:17 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 22:17 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 22:17 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 22:17 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 22:17 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 22:17 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 22:17 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 22:16 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 22:16 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 22:16 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 22:16 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-07 03:41 - 2014-03-07 03:41 - 00000000 ____D () C:\Users\DMG\AppData\Local\Blizzard Entertainment
2014-03-04 05:25 - 2014-03-04 05:26 - 00000803 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-03-04 05:25 - 2014-03-04 05:26 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-04 05:22 - 2014-03-04 05:23 - 00000000 ____D () C:\ProgramData\Battle.net
2014-02-27 00:15 - 2014-02-27 00:15 - 00000000 ____D () C:\Users\DMG\Documents\My Games
2014-02-27 00:15 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-02-27 00:15 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-02-27 00:15 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-02-27 00:15 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-02-27 00:15 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-02-27 00:15 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-02-27 00:15 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-02-27 00:15 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-02-27 00:15 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-02-27 00:15 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-02-27 00:15 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-02-27 00:15 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-02-27 00:15 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-02-27 00:15 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-02-27 00:15 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-02-27 00:15 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-02-27 00:15 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-02-27 00:15 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-02-27 00:15 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-02-27 00:15 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-02-27 00:15 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-02-27 00:15 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-02-27 00:15 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-02-27 00:15 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-02-27 00:15 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-02-27 00:15 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-02-27 00:15 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-02-27 00:15 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-02-27 00:15 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-02-27 00:15 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-02-27 00:15 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-02-27 00:15 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-02-27 00:15 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-02-27 00:15 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-02-27 00:15 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-02-27 00:15 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-02-27 00:15 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-02-27 00:15 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-02-27 00:15 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-02-27 00:15 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-02-27 00:15 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-02-27 00:15 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-02-27 00:15 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-02-27 00:15 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-02-27 00:15 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-02-27 00:15 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-02-27 00:15 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-02-27 00:15 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-02-27 00:15 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-02-27 00:15 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-02-27 00:15 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-02-27 00:15 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-02-27 00:15 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-02-27 00:15 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-02-27 00:15 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-02-27 00:15 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-02-27 00:15 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-02-27 00:15 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-02-27 00:15 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-02-27 00:15 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-02-27 00:15 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-02-27 00:15 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-02-27 00:15 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-02-27 00:15 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-02-27 00:15 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-02-27 00:15 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-02-27 00:15 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-02-27 00:15 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-02-27 00:15 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-02-27 00:15 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-02-27 00:15 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-02-27 00:15 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-02-27 00:15 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-02-27 00:15 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-02-27 00:15 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-02-27 00:15 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-02-27 00:15 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-02-27 00:15 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-02-27 00:15 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-02-27 00:15 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-02-27 00:15 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-02-27 00:15 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-02-27 00:15 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-02-27 00:15 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-02-27 00:15 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-02-27 00:15 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-02-27 00:15 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-02-27 00:15 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-02-27 00:15 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-02-27 00:15 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-02-27 00:15 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-02-27 00:15 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-02-27 00:15 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-02-27 00:15 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-27 00:15 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-02-27 00:15 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-02-27 00:15 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-02-27 00:15 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-02-27 00:15 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-02-27 00:15 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-02-27 00:15 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-02-27 00:15 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-02-27 00:15 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-02-27 00:15 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-02-27 00:15 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-02-27 00:14 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-02-27 00:14 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-02-27 00:14 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-02-27 00:14 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-02-27 00:14 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-02-27 00:14 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-02-27 00:14 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-02-27 00:14 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-02-27 00:14 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-02-27 00:14 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-02-27 00:14 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-02-27 00:14 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-02-27 00:14 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-02-27 00:14 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-02-27 00:14 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-02-27 00:14 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-02-27 00:14 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-02-27 00:14 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-02-27 00:14 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-02-27 00:14 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-02-27 00:14 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-02-27 00:14 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-02-27 00:14 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-02-27 00:14 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-02-27 00:14 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-02-27 00:14 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-02-27 00:14 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-02-27 00:14 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-02-27 00:14 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-02-27 00:14 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-02-27 00:14 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-02-27 00:14 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-02-27 00:14 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-02-27 00:14 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-02-27 00:14 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-02-27 00:14 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-02-27 00:14 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-02-27 00:14 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-02-27 00:14 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-02-27 00:14 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-02-27 00:14 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-27 00:14 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-02-27 00:14 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-02-27 00:14 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-02-27 00:14 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-02-27 00:14 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-02-27 00:14 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-02-27 00:14 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-02-27 00:14 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-02-27 00:14 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-02-27 00:14 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-02-27 00:14 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-02-27 00:14 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-02-27 00:14 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-02-27 00:14 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-02-27 00:14 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-02-27 00:14 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-02-27 00:14 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-02-27 00:14 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-02-27 00:14 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-02-27 00:14 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-02-27 00:14 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-02-27 00:14 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-02-27 00:14 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-02-27 00:14 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-02-27 00:14 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-02-27 00:14 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-02-27 00:14 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-02-27 00:14 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-02-27 00:14 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-02-27 00:14 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-02-26 01:04 - 2014-02-27 02:17 - 01328698 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-23 13:17 - 2014-02-23 13:17 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-23 13:16 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-23 13:16 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-23 13:16 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-23 13:16 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-23 13:15 - 2014-02-23 13:16 - 00005840 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-21 12:02 - 2014-02-21 12:02 - 00000222 _____ () C:\Users\DMG\Desktop\Path of Exile.url
2014-02-21 12:02 - 2014-02-21 12:02 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== One Month Modified Files and Folders =======

2014-03-22 04:23 - 2014-03-22 04:23 - 00018481 _____ () C:\Users\DMG\Downloads\FRST.txt
2014-03-22 04:23 - 2014-03-14 13:53 - 00000000 ____D () C:\FRST
2014-03-22 04:21 - 2014-03-22 04:21 - 02157056 _____ (Farbar) C:\Users\DMG\Downloads\FRST64.exe
2014-03-22 04:04 - 2009-07-14 06:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 04:04 - 2009-07-14 06:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 04:02 - 2013-01-25 17:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 04:02 - 2011-04-12 12:42 - 00481576 _____ () C:\Windows\system32\perfh00B.dat
2014-03-22 04:02 - 2011-04-12 12:42 - 00101668 _____ () C:\Windows\system32\perfc00B.dat
2014-03-22 04:02 - 2009-07-14 07:13 - 01355186 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 04:01 - 2014-03-22 04:01 - 00000966 _____ () C:\Users\DMG\Desktop\JRT.txt
2014-03-22 03:57 - 2011-08-01 16:13 - 01109704 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 03:56 - 2014-02-13 22:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-22 03:54 - 2014-03-16 00:20 - 00005130 _____ () C:\Windows\setupact.log
2014-03-22 03:54 - 2011-08-01 16:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-22 03:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 03:44 - 2014-03-22 03:44 - 01037734 _____ (Thisisu) C:\Users\DMG\Desktop\JRT.exe
2014-03-22 02:52 - 2013-10-04 16:36 - 00000000 ____D () C:\AdwCleaner
2014-03-22 02:50 - 2014-03-22 02:50 - 00000000 _____ () C:\Users\DMG\Downloads\Uusi tekstiasiakirja.txt
2014-03-22 02:38 - 2014-03-22 02:38 - 01950720 _____ () C:\Users\DMG\Downloads\adwcleaner.exe
2014-03-22 02:38 - 2012-10-01 15:29 - 00000000 ____D () C:\Users\DMG\AppData\Local\PMB Files
2014-03-21 14:52 - 2014-03-21 13:32 - 00000000 ____D () C:\Users\DMG\Desktop\gammaray
2014-03-21 14:16 - 2013-10-12 19:39 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\uTorrent
2014-03-21 14:10 - 2014-03-15 10:36 - 00000000 ____D () C:\Users\DMG\AppData\Local\CrashDumps
2014-03-21 14:04 - 2014-03-21 14:03 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\vlc
2014-03-21 13:53 - 2014-03-21 13:07 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2014-03-21 13:50 - 2014-03-21 13:07 - 00000000 ____D () C:\ProgramData\iSkysoft Free Video Downloader
2014-03-21 13:07 - 2014-03-21 13:07 - 00000000 ____D () C:\Users\DMG\AppData\Local\iSkysoft
2014-03-21 13:07 - 2014-03-21 13:07 - 00000000 ____D () C:\ProgramData\iSkysoft Application Common Data
2014-03-21 13:07 - 2014-03-21 13:07 - 00000000 ____D () C:\Program Files\Common Files\iSkysoft
2014-03-21 04:18 - 2012-10-01 15:28 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-18 15:22 - 2014-03-18 15:22 - 00000000 ____D () C:\ProgramData\Real
2014-03-18 15:19 - 2014-03-18 15:17 - 00000000 ____D () C:\Users\DMG\Desktop\automusiik
2014-03-18 12:18 - 2014-03-13 15:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-17 22:53 - 2014-03-16 00:19 - 00195216 _____ () C:\Windows\PFRO.log
2014-03-17 22:49 - 2014-03-17 22:49 - 00002025 _____ () C:\Users\DMG\Desktop\aswMBR.txt
2014-03-17 22:49 - 2014-03-17 22:49 - 00000512 _____ () C:\Users\DMG\Desktop\MBR.dat
2014-03-17 22:37 - 2014-03-17 22:37 - 04745728 _____ (AVAST Software) C:\Users\DMG\Desktop\aswMBR.exe
2014-03-17 22:34 - 2014-03-17 22:33 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\DMG\Desktop\tdsskiller.exe
2014-03-16 20:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-03-16 00:59 - 2014-03-16 00:59 - 00000000 ____D () C:\Users\Public\Documents\COMODO
2014-03-16 00:58 - 2014-03-16 00:58 - 00001039 _____ () C:\Users\Public\Desktop\Mobile Partner.lnk
2014-03-16 00:58 - 2014-03-16 00:49 - 00000000 ____D () C:\Program Files (x86)\Mobile Partner
2014-03-16 00:57 - 2013-10-12 11:57 - 00000000 ____D () C:\ProgramData\DatacardService
2014-03-16 00:55 - 2014-03-16 00:56 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00421888 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00223744 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00223232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00098304 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00087040 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00072192 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2014-03-16 00:55 - 2014-03-16 00:56 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-03-16 00:55 - 2013-10-12 11:58 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-03-16 00:55 - 2008-03-27 22:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-03-16 00:45 - 2014-03-16 00:45 - 00001846 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-03-16 00:45 - 2014-03-16 00:43 - 00000000 ____D () C:\ProgramData\Comodo
2014-03-16 00:45 - 2014-03-16 00:43 - 00000000 ____D () C:\Program Files\COMODO
2014-03-16 00:43 - 2014-03-16 00:43 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-03-16 00:43 - 2014-03-16 00:43 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2014-03-16 00:43 - 2014-03-16 00:43 - 00001045 _____ () C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
2014-03-16 00:40 - 2014-03-16 00:40 - 00001471 _____ () C:\Users\DMG\Desktop\RKreport[0]_H_03162014_004000.txt
2014-03-16 00:40 - 2014-03-16 00:40 - 00001251 _____ () C:\Users\DMG\Desktop\RKreport[0]_DN_03162014_004005.txt
2014-03-16 00:40 - 2014-03-16 00:40 - 00000894 _____ () C:\Users\DMG\Desktop\RKreport[0]_PR_03162014_004004.txt
2014-03-16 00:40 - 2014-03-14 14:02 - 00000000 ____D () C:\Users\DMG\Desktop\RK_Quarantine
2014-03-16 00:39 - 2014-03-16 00:39 - 00002289 _____ () C:\Users\DMG\Desktop\RKreport[0]_D_03162014_003949.txt
2014-03-16 00:38 - 2014-03-16 00:38 - 00002590 _____ () C:\Users\DMG\Desktop\RKreport[0]_S_03162014_003833.txt
2014-03-16 00:20 - 2014-03-16 00:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-15 16:53 - 2014-03-15 16:53 - 00003672 _____ () C:\Users\DMG\Desktop\Rkill.txt
2014-03-15 16:48 - 2011-09-12 23:40 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\DAEMON Tools Lite
2014-03-15 07:33 - 2014-03-15 07:33 - 06220854 _____ () C:\Users\DMG\Desktop\Uusi bittikarttakuva.bmp
2014-03-15 04:19 - 2013-10-18 17:02 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\Riot Games
2014-03-15 04:18 - 2013-10-18 17:03 - 00001613 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-03-15 04:08 - 2014-03-14 08:36 - 00000000 ____D () C:\Users\DMG\Desktop\paskaa
2014-03-15 03:21 - 2014-03-15 03:21 - 00032638 _____ () C:\ComboFix.txt
2014-03-15 03:21 - 2014-03-14 12:55 - 00000000 ____D () C:\Qoobox
2014-03-15 03:19 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-14 21:48 - 2014-03-14 21:48 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-14 20:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-14 20:50 - 2011-08-01 16:37 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-03-14 20:50 - 2011-08-01 16:37 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-14 20:30 - 2014-03-14 20:30 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\f-secure
2014-03-14 20:30 - 2014-03-14 20:30 - 00000000 ____D () C:\ProgramData\F-Secure
2014-03-14 17:14 - 2009-07-14 06:45 - 00298000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 16:16 - 2014-03-14 13:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-03-14 15:37 - 2014-03-14 15:37 - 00000000 ____D () C:\Users\DMG\Documents\ProcAlyzer Dumps
2014-03-14 15:23 - 2011-08-05 16:43 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\BSplayer
2014-03-14 15:15 - 2012-01-28 03:08 - 00029184 _____ () C:\Users\DMG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-14 14:08 - 2014-03-14 13:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-03-14 13:52 - 2014-03-14 13:52 - 00001339 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-03-14 13:52 - 2014-03-14 13:52 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-03-14 13:47 - 2011-08-02 10:31 - 00064768 _____ () C:\Users\DMG\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-14 13:44 - 2014-03-14 13:44 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
2014-03-14 13:43 - 2014-03-14 13:43 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-14 13:43 - 2011-12-19 12:56 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-03-14 13:40 - 2014-03-14 13:40 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-03-14 13:40 - 2014-03-14 13:40 - 00001910 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-03-14 13:40 - 2014-03-14 13:40 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-03-14 13:36 - 2011-08-01 16:24 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-03-14 13:35 - 2012-05-11 04:54 - 00000000 ____D () C:\Program Files\Media Player Classic - Home Cinema
2014-03-14 13:33 - 2014-03-14 13:33 - 00000000 ____D () C:\Users\DMG\AppData\Local\Secunia PSI
2014-03-14 13:32 - 2014-03-14 13:32 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-03-14 13:10 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-14 13:09 - 2014-03-14 12:55 - 00000000 ____D () C:\Windows\erdnt
2014-03-14 13:07 - 2014-03-14 16:20 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140314-162030.backup
2014-03-14 13:03 - 2009-07-14 04:34 - 65536000 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-03-14 13:03 - 2009-07-14 04:34 - 24379392 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-03-14 13:03 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-03-14 13:03 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-03-14 13:03 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-03-14 12:54 - 2014-03-14 12:53 - 05190279 ____R (Swearware) C:\Users\DMG\Desktop\ComboFix.exe
2014-03-14 12:49 - 2009-07-14 07:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-14 11:48 - 2014-03-14 11:48 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 11:48 - 2014-03-14 11:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 11:45 - 2014-03-14 11:45 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\QuickScan
2014-03-14 11:22 - 2014-03-14 11:22 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\FreeStone Group
2014-03-14 10:56 - 2014-03-14 10:56 - 00002151 _____ () C:\Users\DMG\Desktop\Video Card Stability Test.lnk
2014-03-14 10:56 - 2014-03-14 10:56 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Card Stability Test
2014-03-14 10:56 - 2014-03-14 10:56 - 00000000 ____D () C:\Program Files (x86)\Video Card Stability Test
2014-03-14 10:26 - 2011-08-13 11:04 - 00000000 ____D () C:\Users\DMG\Documents\DVDVideoSoft
2014-03-14 10:16 - 2011-08-01 16:13 - 00000000 ____D () C:\Users\DMG
2014-03-14 10:11 - 2014-03-14 09:53 - 00000000 ____D () C:\Users\DMG\Downloads\Leffat & sarjat
2014-03-14 09:54 - 2014-03-14 09:51 - 00000000 ____D () C:\Users\DMG\Downloads\Pelit
2014-03-14 09:51 - 2014-03-14 09:51 - 00000000 ____D () C:\Users\DMG\Downloads\e-books
2014-03-14 09:45 - 2014-03-14 08:42 - 00000000 ____D () C:\Users\DMG\Desktop\Kaikki musiikki
2014-03-14 08:47 - 2011-09-19 15:24 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-03-14 08:12 - 2014-03-14 08:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-14 08:12 - 2014-03-14 07:59 - 00000000 ____D () C:\Users\DMG\Desktop\mbar
2014-03-14 08:05 - 2011-08-08 00:16 - 00000000 ____D () C:\Users\DMG\AppData\Local\Windows Live
2014-03-14 08:04 - 2014-03-14 08:04 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-03-14 08:04 - 2014-03-14 08:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-03-14 08:04 - 2011-11-05 23:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-13 19:26 - 2013-11-22 03:14 - 00000000 ____D () C:\Program Files (x86)\Angry Video Game Nerd Adventures
2014-03-13 17:25 - 2014-03-13 17:24 - 00000000 ____D () C:\Program Files (x86)\CrystalDiskInfo
2014-03-13 17:24 - 2014-03-13 17:24 - 00001146 _____ () C:\Users\DMG\Desktop\CrystalDiskInfo.lnk
2014-03-13 17:22 - 2012-02-08 18:42 - 00007607 _____ () C:\Users\DMG\AppData\Local\Resmon.ResmonCfg
2014-03-13 16:25 - 2011-08-02 10:30 - 00000000 ____D () C:\Users\DMG\AppData\Local\Google
2014-03-13 16:14 - 2013-10-11 14:59 - 00000000 ____D () C:\ProgramData\Freemake
2014-03-13 16:14 - 2013-10-11 14:59 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-03-13 16:13 - 2013-10-15 11:18 - 00001082 _____ () C:\Users\Public\Desktop\BS.Player FREE.lnk
2014-03-13 16:12 - 2011-08-05 16:43 - 00000000 ____D () C:\Program Files (x86)\Webteh
2014-03-13 16:08 - 2014-03-13 16:08 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-13 16:08 - 2012-05-03 21:00 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-13 16:05 - 2013-01-14 18:04 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-03-13 16:02 - 2011-08-02 10:31 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-13 16:02 - 2011-08-02 10:31 - 00000000 ____D () C:\Program Files\WinRAR
2014-03-13 15:58 - 2014-03-13 15:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-13 15:58 - 2014-03-13 15:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-13 15:58 - 2014-03-13 15:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-13 15:58 - 2014-03-13 15:58 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-13 15:55 - 2012-03-15 15:22 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\Media Player Classic
2014-03-13 15:55 - 2011-08-01 21:30 - 00000000 ____D () C:\Windows\Panther
2014-03-13 15:48 - 2014-01-08 10:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-13 15:45 - 2014-03-13 15:45 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-13 15:45 - 2014-03-13 15:45 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\AVAST Software
2014-03-13 15:44 - 2014-03-13 15:44 - 00000000 ____D () C:\Users\DMG\Documents\My Avast EasyPass Data
2014-03-13 15:44 - 2014-03-13 15:44 - 00000000 ____D () C:\ProgramData\RoboForm
2014-03-13 15:42 - 2014-03-13 15:43 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-13 15:42 - 2014-03-13 15:43 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-13 15:42 - 2014-03-13 15:43 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-13 15:42 - 2014-03-13 15:43 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-13 15:42 - 2014-03-13 15:43 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-13 15:42 - 2014-03-13 15:43 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-13 15:42 - 2014-03-13 15:43 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-13 15:42 - 2014-03-13 15:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-13 15:42 - 2013-10-13 10:06 - 00000000 ____D () C:\Users\DMG\AppData\Local\TomTom
2014-03-13 15:42 - 2012-01-17 18:52 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-13 15:41 - 2012-01-17 18:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-13 15:40 - 2013-10-03 19:33 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 12:17 - 2011-08-05 16:41 - 00000000 ____D () C:\Users\DMG\AppData\Roaming\Skype
2014-03-12 15:18 - 2013-03-16 03:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 15:18 - 2013-03-16 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 22:02 - 2013-01-25 17:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 22:02 - 2013-01-25 17:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:02 - 2011-08-02 10:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-07 03:41 - 2014-03-07 03:41 - 00000000 ____D () C:\Users\DMG\AppData\Local\Blizzard Entertainment
2014-03-04 05:26 - 2014-03-04 05:25 - 00000803 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2014-03-04 05:26 - 2014-03-04 05:25 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-03-04 05:23 - 2014-03-04 05:22 - 00000000 ____D () C:\ProgramData\Battle.net
2014-03-02 14:05 - 2011-08-01 17:03 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\DMG\AppData\Local\Temp\lowproc.exe
C:\Users\DMG\AppData\Local\Temp\ntdll_dump.dll
C:\Users\DMG\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-21 00:18

==================== End Of Log ============================

cant find addition.txt


Edited by wulfrudigerhes, 21 March 2014 - 09:29 PM.


#7 nasdaq

  • Malware Response Team

Posted 22 March 2014 - 07:33 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BHO: avast! EasyPass Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
BHO-x32: avast! EasyPass Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll No File
Toolbar: HKLM - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
Toolbar: HKLM-x32 - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Extension: Ghostery - C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\firefox@ghostery.com.xpi [2014-03-14]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\DMG\AppData\Local\Temp\GPU-Z.sys [X]
C:\Users\DMG\AppData\Local\Temp\lowproc.exe
C:\Users\DMG\AppData\Local\Temp\ntdll_dump.dll
C:\Users\DMG\AppData\Local\Temp\stubhelper.dll

end

Save the file as fixlist.txt into the same folder as FRST.
Run FRST, click Fix only once, and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Restart the computer normally to complete the fix.
====

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Keep me posted on the issues.

#8 wulfrudigerhes

Posted 22 March 2014 - 07:56 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by DMG at 2014-03-23 02:52:58 Run:1
Running from C:\Users\DMG\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BHO: avast! EasyPass Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
BHO-x32: avast! EasyPass Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll No File
Toolbar: HKLM - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll No File
Toolbar: HKLM-x32 - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Extension: Ghostery - C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\firefox@ghostery.com.xpi [2014-03-14]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 GPU-Z; \??\C:\Users\DMG\AppData\Local\Temp\GPU-Z.sys [X]
C:\Users\DMG\AppData\Local\Temp\lowproc.exe
C:\Users\DMG\AppData\Local\Temp\ntdll_dump.dll
C:\Users\DMG\AppData\Local\Temp\stubhelper.dll

end

*****************

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a} => Key deleted successfully.
HKCR\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{724d43a0-0d85-11d4-9908-00400523e39a} => Value deleted successfully.
HKCR\CLSID\{724d43a0-0d85-11d4-9908-00400523e39a} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{724d43a0-0d85-11d4-9908-00400523e39a} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{724d43a0-0d85-11d4-9908-00400523e39a} => Key deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\firefox@ghostery.com.xpi => Moved successfully.
catchme => Service deleted successfully.
GPU-Z => Service deleted successfully.
C:\Users\DMG\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\DMG\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\DMG\AppData\Local\Temp\stubhelper.dll => Moved successfully.

==== End of Fixlog ====

 Results of screen317's Security Check version 0.99.81  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Secunia PSI (3.0.0.9016)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader XI  
 Mozilla Firefox 27.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled!
 Comodo Firewall cmdagent.exe
 Comodo Firewall cfp.exe
 Malwarebytes Anti-Exploit mbae.exe   
 system32 AvastSvc.exe -?-   
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
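
A triage of the Fixlog result lines posted above, as an added example that is not part of the thread or of FRST: it classifies each line by the outcome text the tool printed, so entries that were not found stand apart from those that were removed. The function names and the "removed"/"absent" labels are assumptions of this example, and the sample is a subset of the log lines above.

```python
import re
from collections import Counter

# Constructed sample: a subset of the result lines from the Fixlog above.
FIXLOG = r"""
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{724d43a0-0d85-11d4-9908-00400523e39a} => Value deleted successfully.
HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File => Key not found.
"FF Plugin: @microsoft.com/GENUINE - disabled No File" => not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\DMG\AppData\Roaming\Mozilla\Firefox\Profiles\5c58k92q.default\Extensions\firefox@ghostery.com.xpi => Moved successfully.
catchme => Service deleted successfully.
GPU-Z => Service deleted successfully.
C:\Users\DMG\AppData\Local\Temp\lowproc.exe => Moved successfully.
"""

# Outcome phrases exactly as they appear in the log above. "Key not found"
# is listed before "not found" so the longer phrase wins; the "=>" separator
# is optional because one line in the log omits it.
RESULT = re.compile(
    r"^(?P<target>.+?)\s*(?:=>\s*)?"
    r"(?P<result>(?:Key|Value|Service) deleted successfully"
    r"|Moved successfully|Key not found|not found)\.$"
)

def parse_fixlog(text):
    """Return one dict per non-empty line: target, result text, status."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RESULT.match(line)
        if not m:
            # Keep lines we cannot classify so nothing is silently dropped.
            entries.append({"target": line, "result": None, "status": "unparsed"})
            continue
        result = m["result"]
        status = "absent" if result.endswith("not found") else "removed"
        entries.append({"target": m["target"].strip('"'),
                        "result": result, "status": status})
    return entries

def summarize(entries):
    """Count entries per status label."""
    return dict(Counter(e["status"] for e in entries))

def moved_files(entries):
    """Targets the log reports as moved rather than deleted."""
    return [e["target"] for e in entries if e["result"] == "Moved successfully"]

if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG)
    print(summarize(parsed))
    for e in parsed:
        if e["status"] != "removed":
            print("follow up:", e["target"], "->", e["result"])
```

Lines labelled "absent" or "unparsed" are the ones worth reading by hand, since the fixlist entry did not match anything on disk or in the registry.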



#9 wulfrudigerhes

Posted 22 March 2014 - 07:58 PM

I understand some things, but could you also keep me up on your observations so far? And what is going on :)

Thank you



#10 nasdaq

Posted 23 March 2014 - 07:46 AM

The tools removed the PUP (Potentially Unwanted Program) installed without your consent. They usually come with the free programs.

Your logs are not clean.

Any remaining issues?

#11 wulfrudigerhes

Posted 25 March 2014 - 01:51 PM

Hello :D, here's what I perceive

All issues remain, usually after starting the PC or connecting to the internet

-Programs are unresponsive for a long time, or crash the whole PC

-Flash crashes all the time

-Mouse cursor will change to transparent or some random icon (what is the big ellipse? I have never seen it)

-This does not always happen! Sometimes I don't have any problem running software, sometimes I can't start a game or browser but I have to restart and then it will happen over and over again

-Weird problem with USB/wire connections! Sometimes headphones/sound system/keyboard/mouse will not work, or stop working until I reconnect the wire, OR change the USB port. Also the right side of the headphones will not give sound (tried changing keyboard, mice, headphones - problems still persist)

-I am currently on another network, some of the problems are milder now since I don't use mobile partner (UAC.exe recognized by RogueKiller, false positive??)

-Firewall will randomly ask for some programs to connect to the network, even though they shouldn't - something weird going on with svchost.exe??

+Earlier, programs connected to the network without permission; program x-fire logged on and said ("random user name" has connected) even when it was not running.



#12 nasdaq

Posted 26 March 2014 - 07:28 AM


-i am currently on another network, some of the problems are milder now since I don't use mobile partner (UAC.exe recognized by RogueKiller, false positive??)

This program is normally safe. RogueKiller will disable it while it's working.
===

Too many things are wrong, let's try this.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file.

Click on the Start Repairs tab, then click on Start.

Checkmark the following options alone:

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair


#13 wulfrudigerhes

Posted 01 April 2014 - 04:47 AM

Hello again, and thanks for all the help given so far.. :)

I have been operating the system for few days after the fixes,

at first it seemed like it was back to normal behaviour.

However, the problem seems to be back now :(

I think there's a connection with using browser(tried to reinstall mozilla but no help)

 

Would it be best option to make a fresh install, or would you think it's something else that causes this?

 

Edit: Is dllhost.exe a safe file? (3 instances running) I see all kinds of processes running that would seem safe but I am not sure

Is svchost.exe supposed to run 10 duplicates?

Now the screen is going black for ~5 seconds after action taken(program launch, control panel etc)


Edited by wulfrudigerhes, 01 April 2014 - 05:17 AM.


#14 nasdaq

Posted 01 April 2014 - 07:23 AM

Run the fix on this page.

Reset Firefox preferences to troubleshoot and fix problems
https://support.mozilla.org/en-US/kb/reset-preferences-fix-problems

Let me know if the problem persists.

#15 wulfrudigerhes

Posted 03 April 2014 - 12:27 PM

Hmm... I'd like to scratch that what I said about browser, the problem is not with it. Seems like it just happens randomly..

 

Just an extra question, what does it tell me... All of a sudden, svchost.exe is trying to access the internet. Is this normal? I didn't launch anything. I am making food while my pc is on and my firewall asks for permission

 

EDIT: just an update.. has been normal today, but after svchost prompt got freezes, monitor turned off and my pc restarted itself


Edited by wulfrudigerhes, 03 April 2014 - 01:31 PM.




