
Found Hj.Name - userinit.exe, PUM.Policies and PUM.DesktopIcons with Rogue Killer


  • This topic is locked
49 replies to this topic

#1 marsboy900

marsboy900

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 20 July 2014 - 09:20 PM

Hi, a couple of hours ago I scanned my computer with Avira, Malwarebytes, Spybot, AdwCleaner and TDSS Killer and found nothing. I did a scan with ComboFix too (I didn't know then that I should wait for someone to ask me to use ComboFix; I found that out later, so I did it). Afterwards I did a scan with Rogue Killer in safe mode and found the PUM policies and PUM desktop icons. Are they dangerous? To be more precise, some time ago I found PUM DNS too with Rogue Killer, but since they are noted as PUMs and since my other antivirus and antimalware programs haven't found anything, I didn't worry about them, but I keep getting them all the time.

 

Here is the Rk report of the first scan :

 

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Laptopp [Admin rights]
Mode : Scan -- Date : 07/21/2014  01:12:13

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
--- User ---
[MBR] 898bd0634d7edf5350965830762252a9
[BSP] 530116f578351fadf0c81087e96517e4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 66709 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 136826880 | Size: 410130 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07012014_160519.log - RKreport_DEL_07012014_232542.log - RKreport_DEL_07032014_010434.log - RKreport_DEL_07032014_012049.log
RKreport_DEL_07162014_223327.log - RKreport_DEL_07162014_230742.log - RKreport_SCN_07012014_160322.log - RKreport_SCN_07012014_231456.log
RKreport_SCN_07032014_005641.log - RKreport_SCN_07032014_011145.log - RKreport_SCN_07032014_011642.log - RKreport_SCN_07162014_223100.log
RKreport_SCN_07162014_230720.log


Edited by marsboy900, 20 July 2014 - 09:32 PM.



#2 marsboy900


Posted 20 July 2014 - 09:28 PM

Update 2: Then I did another scan with RK in normal startup mode, with Avira's security settings like autorun block and host protection turned on, and it came up with this Hj.Name, userinit.exe marked red, so I got scared:

 

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Laptopp [Admin rights]
Mode : Scan -- Date : 07/21/2014  04:37:43

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[Hj.Name] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit : userinit.exe,  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\DRIVERS\cmderd.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
--- User ---
[MBR] 898bd0634d7edf5350965830762252a9
[BSP] 530116f578351fadf0c81087e96517e4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 66709 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 136826880 | Size: 410130 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07012014_160519.log - RKreport_DEL_07012014_232542.log - RKreport_DEL_07032014_010434.log - RKreport_DEL_07032014_012049.log
RKreport_DEL_07162014_223327.log - RKreport_DEL_07162014_230742.log - RKreport_DEL_07212014_011304.log - RKreport_SCN_07012014_160322.log
RKreport_SCN_07012014_231456.log - RKreport_SCN_07032014_005641.log - RKreport_SCN_07032014_011145.log - RKreport_SCN_07032014_011642.log
RKreport_SCN_07162014_223100.log - RKreport_SCN_07162014_230720.log - RKreport_SCN_07212014_011213.log - RKreport_SCN_07212014_041927.log

 

 

 

- I deleted the PUMs again, but the Hj.Name couldn't be deleted because Avira was protecting the host files, so I unchecked the host protection and block autorun security functions in Avira, restarted, scanned again with RK and deleted the Hj.Name too. But on this second scan the atapi filter wasn't recognized as possible malware. So I'm thinking the filter could have been the Avira block autorun option? And was userinit.exe part of Avira too and a false positive, or a virus? It was marked in red.

Here is the last report, without the filter being detected, after I disabled Avira security protection but with Hj.Name still there:

 

 

 

 

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Laptopp [Admin rights]
Mode : Scan -- Date : 07/21/2014  05:11:40

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[Hj.Name] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit : userinit.exe,  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
--- User ---
[MBR] 898bd0634d7edf5350965830762252a9
[BSP] 530116f578351fadf0c81087e96517e4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 66709 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 136826880 | Size: 410130 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_07012014_160519.log - RKreport_DEL_07012014_232542.log - RKreport_DEL_07032014_010434.log - RKreport_DEL_07032014_012049.log
RKreport_DEL_07162014_223327.log - RKreport_DEL_07162014_230742.log - RKreport_DEL_07212014_011304.log - RKreport_DEL_07212014_044312.log
RKreport_DEL_07212014_045018.log - RKreport_DEL_07212014_050007.log - RKreport_SCN_07012014_160322.log - RKreport_SCN_07012014_231456.log
RKreport_SCN_07032014_005641.log - RKreport_SCN_07032014_011145.log - RKreport_SCN_07032014_011642.log - RKreport_SCN_07162014_223100.log
RKreport_SCN_07162014_230720.log - RKreport_SCN_07212014_011213.log - RKreport_SCN_07212014_041927.log - RKreport_SCN_07212014_043743.log
RKreport_SCN_07212014_044348.log - RKreport_SCN_07212014_045004.log - RKreport_SCN_07212014_045952.log


Edited by marsboy900, 20 July 2014 - 09:38 PM.


#3 marsboy900


Posted 20 July 2014 - 09:35 PM

I'm going to sleep now. If I get answers I'll reply when I wake up. Thanks in advance.



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:19 AM

Posted 21 July 2014 - 09:20 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please post all logs you have.

Please download FRST (by Farbar) from the link below and save it to your Desktop.
 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#5 marsboy900


Posted 21 July 2014 - 10:30 AM

Hi, I disabled all the antivirus programs I have, as said in the help file, but now I did it correctly and shut down Spybot and Comodo too. After I did that I ran FRST and scanned with it, then I ran RKill again, which maybe I shouldn't have. RKill enabled my Windows Firewall, I think, which was disabled by me when I disabled Avira. Then I tried to enable Avira again but it wouldn't let me, saying it can't find avira.exe or something like that, or that I don't have the rights, so I tried to log off, but when I logged off I got "interactive logon process initialization has failed windows 7" and couldn't log in. Now I'm trying a system repair; I'm using my phone to reply here. I think when I completely disabled Spybot or Avira, that's when userinit.exe got deleted? I found userinit.exe in my downloads, which was actually RKill, which I downloaded but forgot about. After I deleted that RKill with the name changed to userinit.exe, Rogue Killer didn't find userinit.exe anymore, and then I got this error with the logon issue. Windows repair couldn't repair anything. I tried to go into safe mode but I get a blue screen.

Edited by marsboy900, 21 July 2014 - 10:41 AM.


#6 Machiavelli


Posted 21 July 2014 - 10:35 AM

So, you can not boot and try to do a start up repair? If yes please tell me if it was successful.

~Machiavelli



#7 marsboy900


Posted 21 July 2014 - 10:39 AM

I tried startup repair, it doesn't work. Should I try a system restore? I should have asked for help the first time I got those PUMs and not tried to do it myself; I only complicated things.

Edited by marsboy900, 21 July 2014 - 10:43 AM.


#8 Machiavelli


Posted 21 July 2014 - 10:45 AM

You can try System Restore. If it doesn't work do this below please.

On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html




To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt

==========


Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

~Machiavelli



#9 marsboy900


Posted 21 July 2014 - 11:02 AM

I'm trying system repair using the installation disk; if it doesn't work then I'm going to try system restore, and after that I'll try to post the logs. I don't know why I'm getting a blue screen... Do you think userinit.exe was a virus in the registry, or was it the RKill that had that name and Rogue Killer saw it as a false positive? Because after I deleted it myself, Rogue Killer couldn't find userinit.exe in the registry.

Edited by marsboy900, 21 July 2014 - 11:06 AM.


#10 Machiavelli


Posted 21 July 2014 - 11:05 AM

Let's wait - then I can tell you more.

~Machiavelli



#11 marsboy900


Posted 21 July 2014 - 11:52 AM

OK, so I've used System Restore and restored it successfully, but now my Avira says it has an invalid license, but it's free; maybe I should reinstall it. I'll restart and see if it gets fixed. And Malwarebytes has real-time protection disabled although in the taskbar it's checked. I will post the logs from FRST from the scan I took before it crashed. I have the blue screen error report too; should I post it?

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Laptopp (administrator) on LAPTOP-PC on 21-07-2014 17:51:29
Running from C:\Users\Laptopp\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064 2012-09-14] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848 2012-07-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [189520 2014-07-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [146480 2014-05-20] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0289905F77A4CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Laptopp\AppData\Roaming\Mozilla\Firefox\Profiles\s0uan70k.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\Laptopp\AppData\Roaming\Mozilla\Firefox\Profiles\s0uan70k.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2014-07-21]
FF Extension: Facebook Photo Zoom - C:\Users\Laptopp\AppData\Roaming\Mozilla\Firefox\Profiles\s0uan70k.default\Extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}.xpi [2014-07-21]
FF Extension: Adblock Plus - C:\Users\Laptopp\AppData\Roaming\Mozilla\Firefox\Profiles\s0uan70k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-21]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-07-02]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-02] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-07] (Avira Operations GmbH & Co. KG)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-17] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242216 2014-06-17] (Foxit Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21007192 2014-04-30] (NVIDIA Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-02] (Avira Operations GmbH & Co. KG)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-17] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-17] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-17] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2014-01-09] (DT Soft Ltd)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2014-07-03] (Sony Mobile Communications)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-02-28] (AnchorFree Inc.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-17] (COMODO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18776 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S0 pefxbo; No ImagePath
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [40664 2014-03-10] (The OpenVPN Project)
S0 qxuaja; No ImagePath
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S0 wjtvys; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 17:51 - 2014-07-21 17:51 - 00012865 _____ () C:\Users\Laptopp\Downloads\FRST.txt
2014-07-21 17:51 - 2014-07-21 17:51 - 00000000 ____D () C:\FRST
2014-07-21 17:48 - 2014-07-21 17:48 - 02089984 _____ (Farbar) C:\Users\Laptopp\Downloads\FRST64.exe
2014-07-21 16:32 - 2014-07-21 16:32 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Comodo
2014-07-21 05:11 - 2014-07-21 05:11 - 00002146 _____ () C:\Users\Laptopp\Desktop\RKreport_SCN_07212014_051140.log
2014-07-21 04:42 - 2014-07-21 04:42 - 00002491 _____ () C:\Users\Laptopp\Desktop\RKreport_SCN_07212014_043743.log
2014-07-21 03:09 - 2014-07-21 03:09 - 00001173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-21 03:09 - 2014-07-21 03:09 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Mozilla
2014-07-21 03:09 - 2014-07-21 03:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-21 03:05 - 2014-07-21 03:05 - 00284224 _____ (Mozilla) C:\Users\Laptopp\Downloads\Firefox Setup Stub 30.0.exe
2014-07-21 02:55 - 2014-07-21 02:55 - 00995328 _____ () C:\Users\Laptopp\Downloads\MicrosoftFixit50784.msi
2014-07-21 02:35 - 2014-07-21 02:35 - 00854390 _____ () C:\Users\Laptopp\Downloads\SecurityCheck.exe
2014-07-21 02:35 - 2014-07-21 02:35 - 00415232 _____ (Farbar) C:\Users\Laptopp\Downloads\FSS.exe
2014-07-21 02:12 - 2014-07-21 02:12 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Laptopp\Downloads\iExplorer64.exe
2014-07-21 02:08 - 2014-07-21 05:05 - 00000940 _____ () C:\Users\Laptopp\Desktop\Rkill.txt
2014-07-21 01:14 - 2014-07-21 04:51 - 00001822 _____ () C:\Windows\PFRO.log
2014-07-21 01:12 - 2014-07-21 01:12 - 00002421 _____ () C:\Users\Laptopp\Desktop\RKreport_SCN_07212014_011213.log
2014-07-21 00:49 - 2014-07-21 00:49 - 00032411 _____ () C:\ComboFix.txt
2014-07-21 00:34 - 2014-07-21 00:34 - 05561612 ____R (Swearware) C:\Users\Laptopp\Downloads\ComboFix.exe
2014-07-21 00:34 - 2014-07-21 00:34 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Laptopp\Downloads\tdsskiller (1).exe
2014-07-21 00:34 - 2014-07-21 00:34 - 01354223 _____ () C:\Users\Laptopp\Downloads\adwcleaner_3.216 (1).exe
2014-07-21 00:33 - 2014-07-21 00:33 - 05336664 _____ () C:\Users\Laptopp\Downloads\RogueKillerX64 (1).exe
2014-07-21 00:28 - 2014-07-21 16:38 - 00001288 _____ () C:\Windows\setupact.log
2014-07-21 00:28 - 2014-07-21 00:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-21 00:27 - 2014-07-21 00:28 - 00323464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 20:45 - 2014-07-20 20:45 - 00070352 _____ () C:\Users\Laptopp\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 20:27 - 2014-07-20 20:27 - 00007630 _____ () C:\Users\Laptopp\AppData\Local\Resmon.ResmonCfg
2014-07-20 02:41 - 2014-07-20 02:41 - 00000262 _____ () C:\Users\Laptopp\Desktop\Run.lnk
2014-07-20 01:36 - 2014-07-20 01:36 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\IsolatedStorage
2014-07-19 18:41 - 2014-07-20 20:42 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\CrashDumps
2014-07-18 13:27 - 2014-07-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-07-18 13:26 - 2014-07-18 13:27 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-07-18 04:25 - 2014-07-18 04:27 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\CyberGhost
2014-07-18 02:12 - 2014-07-18 02:11 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-18 02:11 - 2014-07-18 02:11 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-18 02:11 - 2014-07-18 02:11 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-18 02:11 - 2014-07-18 02:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-18 02:11 - 2014-07-18 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 01:55 - 2014-07-18 01:56 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\vlc
2014-07-17 23:51 - 2014-07-17 23:51 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Yahoo!
2014-07-17 21:31 - 2014-07-17 21:31 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\LibreOffice
2014-07-17 12:19 - 2014-07-17 12:18 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-17 02:14 - 2014-07-17 02:14 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Foxit Software
2014-07-16 23:54 - 2014-07-16 23:54 - 00000000 __SHD () C:\Users\Laptopp\AppData\Local\EmieUserList
2014-07-16 23:54 - 2014-07-16 23:54 - 00000000 __SHD () C:\Users\Laptopp\AppData\Local\EmieSiteList
2014-07-16 23:19 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-16 23:19 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-16 23:19 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-16 23:19 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-16 23:19 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-16 23:19 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-16 23:19 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-16 23:19 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-16 22:27 - 2014-07-21 17:30 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-16 22:26 - 2014-07-16 16:07 - 00450734 _____ () C:\Windows\system32\Drivers\etc\hosts.20140716-222629.backup
2014-07-16 17:10 - 2014-07-16 17:10 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\Macromedia
2014-07-16 16:58 - 2014-07-16 16:58 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\WinRAR
2014-07-16 16:55 - 2014-07-16 16:55 - 00000000 ____D () C:\Users\Laptopp\Documents\Virtua Tennis 4
2014-07-16 16:53 - 2014-07-20 00:09 - 00000000 ____D () C:\Users\Laptopp\Documents\FIFA 14
2014-07-16 16:53 - 2014-07-16 16:53 - 00000000 ____D () C:\Users\Laptopp\Documents\My Games
2014-07-16 16:53 - 2014-07-16 16:53 - 00000000 ____D () C:\Users\Laptopp\Documents\EA Games
2014-07-16 16:48 - 2014-07-16 16:48 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Macromedia
2014-07-16 16:34 - 2014-07-16 16:34 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Avira
2014-07-16 16:31 - 2014-07-02 13:06 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-16 16:31 - 2014-07-02 13:06 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-16 16:31 - 2014-07-02 13:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-16 16:25 - 2014-07-16 16:25 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\Mozilla
2014-07-16 16:17 - 2014-07-16 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-16 16:17 - 2014-07-16 16:31 - 00000000 ____D () C:\ProgramData\Avira
2014-07-16 16:17 - 2014-07-16 16:31 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-16 16:14 - 2014-07-16 16:14 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-07-16 16:14 - 2014-07-16 16:14 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-07-16 16:13 - 2014-07-16 16:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\DAEMON Tools Pro
2014-07-16 16:12 - 2014-07-16 16:12 - 00001423 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-16 16:12 - 2014-07-16 16:12 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest
2014-07-16 16:12 - 2014-07-09 14:13 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-16 16:12 - 2009-07-14 07:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-16 16:12 - 2009-07-14 07:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-16 15:38 - 2014-07-16 15:38 - 00001427 _____ () C:\Users\Laptopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-16 15:38 - 2014-07-16 15:38 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\DAEMON Tools Pro
2014-07-16 15:38 - 2014-07-16 15:38 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Adobe
2014-07-16 15:38 - 2014-07-16 15:38 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\NVIDIA Corporation
2014-07-16 15:38 - 2014-07-16 15:38 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\NVIDIA
2014-07-16 15:37 - 2014-07-20 01:29 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\Google
2014-07-16 15:37 - 2014-07-16 15:38 - 00000000 ____D () C:\Users\Laptopp
2014-07-16 15:37 - 2014-07-16 15:37 - 00000020 ___SH () C:\Users\Laptopp\ntuser.ini
2014-07-16 15:37 - 2014-07-16 15:37 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\VirtualStore
2014-07-16 15:37 - 2009-07-14 07:54 - 00000000 ___RD () C:\Users\Laptopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-16 15:37 - 2009-07-14 07:49 - 00000000 ___RD () C:\Users\Laptopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-09 17:54 - 2014-07-09 17:54 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-07-09 14:13 - 2014-07-09 14:13 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-09 14:13 - 2014-07-09 14:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-09 08:23 - 2014-06-20 23:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 08:23 - 2014-06-20 22:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 08:23 - 2014-06-19 04:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 08:23 - 2014-06-19 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 08:23 - 2014-06-19 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 08:23 - 2014-06-19 03:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 08:23 - 2014-06-19 03:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 08:23 - 2014-06-19 03:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 08:23 - 2014-06-19 03:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 08:23 - 2014-06-19 03:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 08:23 - 2014-06-19 03:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 08:23 - 2014-06-19 03:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 08:23 - 2014-06-19 03:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 08:23 - 2014-06-19 03:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 08:23 - 2014-06-19 03:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 08:23 - 2014-06-19 03:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 08:23 - 2014-06-19 03:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 08:23 - 2014-06-19 03:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 08:23 - 2014-06-19 03:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 08:23 - 2014-06-19 02:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 08:23 - 2014-06-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 08:23 - 2014-06-19 02:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 08:23 - 2014-06-19 02:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 08:23 - 2014-06-19 02:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 08:23 - 2014-06-19 02:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 08:23 - 2014-06-19 02:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 08:23 - 2014-06-19 02:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 08:23 - 2014-06-19 02:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 08:23 - 2014-06-19 02:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 08:23 - 2014-06-19 02:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 08:23 - 2014-06-19 02:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 08:23 - 2014-06-19 02:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 08:23 - 2014-06-19 02:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 08:23 - 2014-06-19 02:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 08:23 - 2014-06-19 02:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 08:23 - 2014-06-19 02:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 08:23 - 2014-06-19 02:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 08:23 - 2014-06-19 02:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 08:23 - 2014-06-19 02:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 08:23 - 2014-06-19 02:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 08:23 - 2014-06-19 02:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 08:23 - 2014-06-19 02:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 08:23 - 2014-06-19 01:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 08:23 - 2014-06-19 01:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 08:23 - 2014-06-19 01:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 08:23 - 2014-06-19 01:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 08:23 - 2014-06-19 01:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 08:23 - 2014-06-19 01:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 08:23 - 2014-06-19 01:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 08:23 - 2014-06-19 01:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 08:23 - 2014-06-19 01:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 08:23 - 2014-06-19 01:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 08:23 - 2014-06-19 01:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 08:23 - 2014-06-19 01:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 08:23 - 2014-06-19 01:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 08:23 - 2014-06-19 01:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 08:22 - 2014-06-18 05:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 08:22 - 2014-06-18 04:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 08:22 - 2014-06-18 04:07 - 03161088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 08:18 - 2014-06-30 05:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 08:18 - 2014-06-30 05:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 08:17 - 2014-06-05 17:44 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 08:17 - 2014-06-05 17:44 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 08:17 - 2014-06-05 17:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 08:17 - 2014-06-05 17:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 08:17 - 2014-06-05 17:16 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 08:17 - 2014-06-05 17:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 08:17 - 2014-06-05 17:15 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 08:16 - 2014-05-30 09:41 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 08:15 - 2014-06-06 13:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 08:15 - 2014-06-06 12:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 16:19 - 2014-07-08 16:18 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140708-161958.backup
2014-07-08 16:18 - 2014-07-08 16:18 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140708-161843.backup
2014-07-08 16:07 - 2014-07-08 16:04 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140708-160704.backup
2014-07-06 15:03 - 2014-07-06 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-05 11:09 - 2014-05-08 14:25 - 00939224 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-07-05 11:09 - 2014-05-08 14:25 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-07-05 03:03 - 2014-07-05 03:01 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140705-030310.backup
2014-07-05 03:01 - 2014-07-04 14:20 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts.20140705-030159.backup
2014-07-04 14:16 - 2014-07-04 14:16 - 00001505 _____ () C:\as.mof
2014-07-04 14:16 - 2014-07-04 14:16 - 00000509 _____ () C:\fw.mof
2014-07-04 13:43 - 2014-07-04 13:43 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LAPTOP-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2014-07-04 13:42 - 2014-07-04 13:42 - 00000000 ____D () C:\RegBackup
2014-07-04 13:20 - 2014-07-04 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-04 13:20 - 2014-07-04 13:20 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-04 07:58 - 2014-07-04 07:58 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-07-04 07:57 - 2014-07-04 07:57 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-07-04 07:56 - 2014-07-04 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-07-04 07:56 - 2014-07-04 07:56 - 00000000 ____D () C:\Program Files\Image-Line
2014-07-04 07:56 - 2014-07-04 07:56 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-07-04 07:51 - 2014-07-04 07:56 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-07-03 06:05 - 2014-07-03 06:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2014-07-03 05:43 - 2014-07-03 05:43 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2014-07-03 05:43 - 2014-07-03 05:43 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-07-02 21:27 - 2014-07-02 21:27 - 00007880 _____ () C:\tasklist.txt
2014-07-02 20:19 - 2014-07-02 20:23 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-07-02 20:19 - 2014-07-02 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-07-01 23:38 - 2014-07-01 23:35 - 00449885 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-233811.backup
2014-07-01 23:35 - 2014-07-01 23:33 - 00449885 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-233557.backup
2014-07-01 17:07 - 2014-07-01 16:05 - 00000000 _____ () C:\Windows\system32\Drivers\etc\hosts.20140701-170739.backup
2014-07-01 15:54 - 2014-07-01 15:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-01 14:59 - 2014-07-01 14:59 - 00000000 ____D () C:\ProgramData\Norton
2014-07-01 14:55 - 2014-07-01 15:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-01 14:55 - 2014-07-01 14:55 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-01 00:57 - 2014-06-21 03:42 - 00450626 _____ () C:\Windows\system32\Drivers\etc\hosts.20140701-005701.backup
2014-07-01 00:52 - 2014-06-21 03:42 - 00450626 _____ () C:\Windows\system32\Drivers\etc\hosts.20140701-005237.backup
2014-06-30 02:48 - 2014-07-21 03:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-27 04:11 - 2014-06-27 04:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-06-27 04:09 - 2014-06-27 04:11 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-06-26 05:42 - 2014-06-21 03:42 - 00450626 _____ () C:\Windows\system32\Drivers\etc\hosts.20140626-054226.backup

==================== One Month Modified Files and Folders =======

2014-07-21 17:51 - 2014-07-21 17:51 - 00012865 _____ () C:\Users\Laptopp\Downloads\FRST.txt
2014-07-21 17:51 - 2014-07-21 17:51 - 00000000 ____D () C:\FRST
2014-07-21 17:48 - 2014-07-21 17:48 - 02089984 _____ (Farbar) C:\Users\Laptopp\Downloads\FRST64.exe
2014-07-21 17:48 - 2014-02-12 19:59 - 02071056 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 17:47 - 2014-05-11 21:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 17:30 - 2014-07-16 22:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-21 17:17 - 2014-01-02 01:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 17:10 - 2014-04-14 00:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 16:38 - 2014-07-21 00:28 - 00001288 _____ () C:\Windows\setupact.log
2014-07-21 16:32 - 2014-07-21 16:32 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Comodo
2014-07-21 15:20 - 2009-07-14 07:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 15:20 - 2009-07-14 07:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 15:18 - 2014-05-11 21:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 15:15 - 2014-06-12 17:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-21 15:15 - 2009-07-14 08:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 05:11 - 2014-07-21 05:11 - 00002146 _____ () C:\Users\Laptopp\Desktop\RKreport_SCN_07212014_051140.log
2014-07-21 05:05 - 2014-07-21 02:08 - 00000940 _____ () C:\Users\Laptopp\Desktop\Rkill.txt
2014-07-21 04:51 - 2014-07-21 01:14 - 00001822 _____ () C:\Windows\PFRO.log
2014-07-21 04:42 - 2014-07-21 04:42 - 00002491 _____ () C:\Users\Laptopp\Desktop\RKreport_SCN_07212014_043743.log
2014-07-21 03:09 - 2014-07-21 03:09 - 00001173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-21 03:09 - 2014-07-21 03:09 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Mozilla
2014-07-21 03:09 - 2014-07-21 03:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-21 03:09 - 2014-06-30 02:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-21 03:05 - 2014-07-21 03:05 - 00284224 _____ (Mozilla) C:\Users\Laptopp\Downloads\Firefox Setup Stub 30.0.exe
2014-07-21 02:55 - 2014-07-21 02:55 - 00995328 _____ () C:\Users\Laptopp\Downloads\MicrosoftFixit50784.msi
2014-07-21 02:40 - 2014-01-02 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-07-21 02:35 - 2014-07-21 02:35 - 00854390 _____ () C:\Users\Laptopp\Downloads\SecurityCheck.exe
2014-07-21 02:35 - 2014-07-21 02:35 - 00415232 _____ (Farbar) C:\Users\Laptopp\Downloads\FSS.exe
2014-07-21 02:12 - 2014-07-21 02:12 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\Laptopp\Downloads\iExplorer64.exe
2014-07-21 02:03 - 2014-01-02 01:14 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-21 02:03 - 2014-01-02 01:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-21 02:03 - 2014-01-02 01:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-21 01:12 - 2014-07-21 01:12 - 00002421 _____ () C:\Users\Laptopp\Desktop\RKreport_SCN_07212014_011213.log
2014-07-21 00:49 - 2014-07-21 00:49 - 00032411 _____ () C:\ComboFix.txt
2014-07-21 00:49 - 2014-03-27 07:56 - 00000000 ____D () C:\Qoobox
2014-07-21 00:47 - 2009-07-14 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-21 00:34 - 2014-07-21 00:34 - 05561612 ____R (Swearware) C:\Users\Laptopp\Downloads\ComboFix.exe
2014-07-21 00:34 - 2014-07-21 00:34 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Laptopp\Downloads\tdsskiller (1).exe
2014-07-21 00:34 - 2014-07-21 00:34 - 01354223 _____ () C:\Users\Laptopp\Downloads\adwcleaner_3.216 (1).exe
2014-07-21 00:33 - 2014-07-21 00:33 - 05336664 _____ () C:\Users\Laptopp\Downloads\RogueKillerX64 (1).exe
2014-07-21 00:28 - 2014-07-21 00:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-21 00:28 - 2014-07-21 00:27 - 00323464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-20 20:45 - 2014-07-20 20:45 - 00070352 _____ () C:\Users\Laptopp\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 20:42 - 2014-07-19 18:41 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\CrashDumps
2014-07-20 20:27 - 2014-07-20 20:27 - 00007630 _____ () C:\Users\Laptopp\AppData\Local\Resmon.ResmonCfg
2014-07-20 05:01 - 2009-07-14 08:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-20 02:41 - 2014-07-20 02:41 - 00000262 _____ () C:\Users\Laptopp\Desktop\Run.lnk
2014-07-20 02:11 - 2014-01-04 09:33 - 00000000 ____D () C:\AdwCleaner
2014-07-20 02:00 - 2014-01-09 08:12 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-20 01:41 - 2014-01-02 10:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 01:39 - 2014-05-31 15:31 - 00000000 ____D () C:\ProgramData\Skype
2014-07-20 01:36 - 2014-07-20 01:36 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\IsolatedStorage
2014-07-20 01:35 - 2014-01-10 19:31 - 00000000 ____D () C:\ProgramData\Origin
2014-07-20 01:33 - 2014-01-02 09:51 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-20 01:29 - 2014-07-16 15:37 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\Google
2014-07-20 00:09 - 2014-07-16 16:53 - 00000000 ____D () C:\Users\Laptopp\Documents\FIFA 14
2014-07-18 13:27 - 2014-07-18 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2014-07-18 13:27 - 2014-07-18 13:26 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-07-18 13:27 - 2014-01-03 02:12 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-07-18 04:27 - 2014-07-18 04:25 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\CyberGhost
2014-07-18 02:11 - 2014-07-18 02:12 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-18 02:11 - 2014-07-18 02:11 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-18 02:11 - 2014-07-18 02:11 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-18 02:11 - 2014-07-18 02:11 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-18 02:11 - 2014-07-18 02:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-18 02:11 - 2014-01-02 01:22 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-18 01:56 - 2014-07-18 01:55 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\vlc
2014-07-17 23:51 - 2014-07-17 23:51 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Yahoo!
2014-07-17 21:31 - 2014-07-17 21:31 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\LibreOffice
2014-07-17 17:53 - 2014-03-19 18:59 - 00000000 ____D () C:\Program Files\Recuva
2014-07-17 12:18 - 2014-07-17 12:19 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-17 02:14 - 2014-07-17 02:14 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Foxit Software
2014-07-17 02:03 - 2014-01-04 07:04 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-07-17 02:03 - 2014-01-04 07:04 - 00000832 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-17 02:03 - 2014-01-04 07:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-17 02:03 - 2014-01-04 07:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-16 23:54 - 2014-07-16 23:54 - 00000000 __SHD () C:\Users\Laptopp\AppData\Local\EmieUserList
2014-07-16 23:54 - 2014-07-16 23:54 - 00000000 __SHD () C:\Users\Laptopp\AppData\Local\EmieSiteList
2014-07-16 22:26 - 2009-07-14 05:34 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140716-231048.backup
2014-07-16 17:10 - 2014-07-16 17:10 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\Macromedia
2014-07-16 16:58 - 2014-07-16 16:58 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\WinRAR
2014-07-16 16:55 - 2014-07-16 16:55 - 00000000 ____D () C:\Users\Laptopp\Documents\Virtua Tennis 4
2014-07-16 16:53 - 2014-07-16 16:53 - 00000000 ____D () C:\Users\Laptopp\Documents\My Games
2014-07-16 16:53 - 2014-07-16 16:53 - 00000000 ____D () C:\Users\Laptopp\Documents\EA Games
2014-07-16 16:52 - 2014-04-22 09:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-16 16:48 - 2014-07-16 16:48 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Macromedia
2014-07-16 16:34 - 2014-07-16 16:34 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Avira
2014-07-16 16:32 - 2014-07-16 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-16 16:31 - 2014-07-16 16:17 - 00000000 ____D () C:\ProgramData\Avira
2014-07-16 16:31 - 2014-07-16 16:17 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-16 16:25 - 2014-07-16 16:25 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\Mozilla
2014-07-16 16:17 - 2014-01-15 11:34 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-16 16:14 - 2014-07-16 16:14 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieUserList
2014-07-16 16:14 - 2014-07-16 16:14 - 00000000 __SHD () C:\Users\Guest\AppData\Local\EmieSiteList
2014-07-16 16:13 - 2014-07-16 16:13 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\DAEMON Tools Pro
2014-07-16 16:13 - 2009-07-14 07:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-16 16:12 - 2014-07-16 16:12 - 00001423 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-16 16:12 - 2014-07-16 16:12 - 00000020 ___SH () C:\Users\Guest\ntuser.ini
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA Corporation
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\NVIDIA
2014-07-16 16:12 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest
2014-07-16 16:07 - 2014-07-16 22:26 - 00450734 _____ () C:\Windows\system32\Drivers\etc\hosts.20140716-222629.backup
2014-07-16 16:07 - 2009-07-14 05:34 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140716-180213.backup
2014-07-16 15:55 - 2009-07-14 05:34 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140716-160736.backup
2014-07-16 15:38 - 2014-07-16 15:38 - 00001427 _____ () C:\Users\Laptopp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-16 15:38 - 2014-07-16 15:38 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\DAEMON Tools Pro
2014-07-16 15:38 - 2014-07-16 15:38 - 00000000 ____D () C:\Users\Laptopp\AppData\Roaming\Adobe
2014-07-16 15:38 - 2014-07-16 15:38 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\NVIDIA Corporation
2014-07-16 15:38 - 2014-07-16 15:38 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\NVIDIA
2014-07-16 15:38 - 2014-07-16 15:37 - 00000000 ____D () C:\Users\Laptopp
2014-07-16 15:37 - 2014-07-16 15:37 - 00000020 ___SH () C:\Users\Laptopp\ntuser.ini
2014-07-16 15:37 - 2014-07-16 15:37 - 00000000 ____D () C:\Users\Laptopp\AppData\Local\VirtualStore
2014-07-15 04:52 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\rescache
2014-07-14 17:50 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-12 16:23 - 2014-01-19 11:56 - 00000000 ____D () C:\Program Files (x86)\OpenHardwareMonitor
2014-07-09 17:54 - 2014-07-09 17:54 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-07-09 14:13 - 2014-07-16 16:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-09 14:13 - 2014-07-09 14:13 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-07-09 14:13 - 2014-07-09 14:13 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-07-09 14:13 - 2014-06-13 10:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-09 08:54 - 2014-04-23 04:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 08:54 - 2011-04-12 11:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 08:54 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 08:54 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 08:53 - 2014-01-02 03:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 08:51 - 2014-01-02 03:38 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 16:19 - 2009-07-14 05:34 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140716-155520.backup
2014-07-08 16:18 - 2014-07-08 16:19 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140708-161958.backup
2014-07-08 16:18 - 2014-07-08 16:18 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140708-161843.backup
2014-07-08 16:13 - 2009-07-14 05:34 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140708-161811.backup
2014-07-08 16:07 - 2009-07-14 05:34 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140708-161359.backup
2014-07-08 16:04 - 2014-07-08 16:07 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140708-160704.backup
2014-07-07 18:15 - 2014-01-02 03:20 - 00000000 ____D () C:\Program Files (x86)\Monkey's Audio
2014-07-06 15:03 - 2014-07-06 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-07-05 16:13 - 2014-01-10 02:36 - 00000000 ____D () C:\wifidata
2014-07-05 11:09 - 2014-01-02 10:55 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-07-05 03:03 - 2009-07-14 05:34 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140708-160452.backup
2014-07-05 03:01 - 2014-07-05 03:03 - 00450734 ____R () C:\Windows\system32\Drivers\etc\hosts.20140705-030310.backup
2014-07-04 14:32 - 2011-04-12 11:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-04 14:20 - 2014-07-05 03:01 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts.20140705-030159.backup
2014-07-04 14:19 - 2009-07-14 05:34 - 00000462 _____ () C:\Windows\win.ini
2014-07-04 14:16 - 2014-07-04 14:16 - 00001505 _____ () C:\as.mof
2014-07-04 14:16 - 2014-07-04 14:16 - 00000509 _____ () C:\fw.mof
2014-07-04 13:43 - 2014-07-04 13:43 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LAPTOP-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2014-07-04 13:42 - 2014-07-04 13:42 - 00000000 ____D () C:\RegBackup
2014-07-04 13:20 - 2014-07-04 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-04 13:20 - 2014-07-04 13:20 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-04 07:58 - 2014-07-04 07:58 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-07-04 07:57 - 2014-07-04 07:57 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-07-04 07:56 - 2014-07-04 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-07-04 07:56 - 2014-07-04 07:56 - 00000000 ____D () C:\Program Files\Image-Line
2014-07-04 07:56 - 2014-07-04 07:56 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-07-04 07:56 - 2014-07-04 07:51 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-07-03 06:20 - 2014-02-18 12:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-07-03 06:05 - 2014-07-03 06:05 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2014-07-03 05:43 - 2014-07-03 05:43 - 00030424 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2014-07-03 05:43 - 2014-07-03 05:43 - 00016088 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2014-07-03 05:42 - 2014-02-18 23:00 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-07-03 05:42 - 2014-02-18 23:00 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-07-02 21:27 - 2014-07-02 21:27 - 00007880 _____ () C:\tasklist.txt
2014-07-02 20:23 - 2014-07-02 20:19 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-07-02 20:19 - 2014-07-02 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-07-02 13:06 - 2014-07-16 16:31 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-02 13:06 - 2014-07-16 16:31 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-02 13:06 - 2014-07-16 16:31 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-01 23:39 - 2009-07-14 05:34 - 00449885 ____R () C:\Windows\system32\Drivers\etc\hosts.20140704-122036.backup
2014-07-01 23:39 - 2009-07-14 05:34 - 00449885 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_504
2014-07-01 23:38 - 2009-07-14 05:34 - 00449885 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-233935.backup
2014-07-01 23:35 - 2014-07-01 23:38 - 00449885 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-233811.backup
2014-07-01 23:33 - 2014-07-01 23:35 - 00449885 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-233557.backup
2014-07-01 17:07 - 2009-07-14 05:34 - 00449885 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-233330.backup
2014-07-01 16:05 - 2014-07-01 17:07 - 00000000 _____ () C:\Windows\system32\Drivers\etc\hosts.20140701-170739.backup
2014-07-01 15:54 - 2014-07-01 15:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-01 15:13 - 2014-07-01 14:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-01 14:59 - 2014-07-01 14:59 - 00000000 ____D () C:\ProgramData\Norton
2014-07-01 14:55 - 2014-07-01 14:55 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-01 00:57 - 2009-07-14 05:34 - 00450626 ____R () C:\Windows\system32\Drivers\etc\hosts.20140701-005908.backup
2014-06-30 05:09 - 2014-07-09 08:18 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 05:04 - 2014-07-09 08:18 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 04:11 - 2014-06-27 04:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2014-06-27 04:11 - 2014-06-27 04:09 - 00000000 ____D () C:\Program Files (x86)\LibreOffice 4
2014-06-25 02:42 - 2014-05-11 21:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-25 02:42 - 2014-05-11 21:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-21 18:46 - 2009-07-14 08:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-21 03:42 - 2014-07-01 00:57 - 00450626 _____ () C:\Windows\system32\Drivers\etc\hosts.20140701-005701.backup
2014-06-21 03:42 - 2014-07-01 00:52 - 00450626 _____ () C:\Windows\system32\Drivers\etc\hosts.20140701-005237.backup
2014-06-21 03:42 - 2014-06-26 05:42 - 00450626 _____ () C:\Windows\system32\Drivers\etc\hosts.20140626-054226.backup
2014-06-21 03:42 - 2009-07-14 05:34 - 00450626 ____R () C:\Windows\system32\Drivers\etc\hosts.20140623-021453.backup

Some content of TEMP:
====================
C:\Users\Laptopp\AppData\Local\temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 02:07

==================== End Of Log ============================

And the addition report before the crash:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by Laptopp at 2014-07-21 17:52:08
Running from C:\Users\Laptopp\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Disabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adblock Plus for IE (HKLM-x32\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.7.148 - Adobe Systems, Inc.)
AIDA64 Extreme v4.00 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.00 - FinalWire Ltd.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Avira (HKLM-x32\...\{142be4a8-895b-4ed9-b1ff-11c76357e3df}) (Version: 1.1.17.31000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.17.31000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Castlevania: Lords of Shadow - Ultimate Edition (HKLM-x32\...\Castlevania: Lords of Shadow - Ultimate Edition_is1) (Version:  - Konami Digital Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
COMODO Firewall (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.2.0.0348 - DT Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
ffdshow x64 v1.3.4515 [2013-06-12] (HKLM\...\ffdshow64_is1) (Version: 1.3.4515.0 - )
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.5.129.617 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Indeo® Software (HKLM-x32\...\Indeo® Software) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
LibreOffice 4.2.5.2 (HKLM-x32\...\{8D8F47B2-0E03-4C50-9803-A01120878F96}) (Version: 4.2.5.2 - The Document Foundation)
Lyrics Plugin for Winamp (HKLM-x32\...\{75E9A522-65D2-4200-A95F-C3EF89703263}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Go (HKLM-x32\...\{8D92969D-A6A3-44C8-9D63-D377E94F44B5}) (Version: 2.6.205 - Sony)
Media Go Video Playback Engine 2.0.113.09020 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.113.09020 - Sony)
MediaHuman Audio Converter version 1.9.1 (HKLM-x32\...\MediaHuman Audio Converter_is1) (Version: 1.9.1 - MediaHuman)
MediaHuman YouTube to MP3 Converter version 3.5 (HKLM-x32\...\MediaHuman YouTube to MP3 Converter_is1) (Version: 3.5 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version:  - )
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Nero ControlCenter (x32 Version: 11.0.16700 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 15.0.00015 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.23400 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.13300.42.0 - Nero AG) Hidden
Nero WaveEditor (HKLM-x32\...\{8F7F40B4-8C55-4B92-8C89-16501DAC697F}) (Version: 12.5.00800 - Nero AG)
Nero WaveEditor (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero WaveEditor Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.67 (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.67 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.86.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.9.201406230908 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Elder Scrolls V Skyrim Dragonborn © Bethesda Softworks version 1 (HKLM-x32\...\The Elder Scrolls V Skyrim Dragonborn © Bethes~300CD4A2_is1) (Version: 1 - )
The Testament of Sherlock Holmes patch 1.00.4 (HKLM-x32\...\{38A96559-FF39-4089-A609-BFD76C4A6C07}_is1) (Version: 1.00.4 - Focus Home Interactive)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.5 - Tweaking.com)
Virtua Tennis 4™ (HKLM-x32\...\GFWL_{53450FA2-E900-456E-9715-501000008200}) (Version: 1.0.0000.130 - SEGA)
Virtua Tennis 4™ (x32 Version: 1.0.0000.130 - SEGA) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Who Is On My Wifi version 3.0.2 (HKLM-x32\...\{010D45A1-093D-4534-8147-4E10E80F81CC}_is1) (Version: 3.0.2 - IO3O LLC)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

19-07-2014 22:33:18 Removed Facebook Video Calling 2.0.0.447
19-07-2014 22:34:12 Removed System Requirements Lab for Intel
19-07-2014 22:36:19 Removed 3DMark
19-07-2014 22:38:50 Removed System Requirements Lab CYRI
19-07-2014 22:39:24 Removed Skype™ 6.16
19-07-2014 22:40:28 Removed 7-Zip 9.20 (x64 edition)
20-07-2014 23:20:30 Windows Update

==================== Hosts content: ==========================

2009-07-14 05:34 - 2014-07-16 23:10 - 00450734 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {30679A66-AB91-464A-95DB-3FF44FE96818} - System32\Tasks\{E4512FEC-480F-45B2-B214-397B771F713D} => D:\Jocuri\Fifa 14\FIFA 14\Game\fifa14-3dm.exe [2014-01-08] (3DM)
Task: {3A5115DD-D65E-4BAC-9FAE-3B0EAC2E9723} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {473A41E4-728F-4A2E-9962-439E4B47D4F5} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14] (ASUSTek Computer Inc.)
Task: {5577BD60-70D8-4A3F-A7C2-56B4753C0EC0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3810790722-2108214571-1548943505-1000Core => C:\Users\Laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {5608ED00-F507-41CE-BCDD-548CFB9BF790} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {6FC0A841-5E07-4818-8563-BEDB2615B0DB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3810790722-2108214571-1548943505-1000UA => C:\Users\Laptop\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {703BE26B-3A00-43C7-B6B9-514BEC5205F6} - System32\Tasks\{EFE78704-1DFC-4AEE-8760-912FD68E4A52} => D:\Jocuri\The Testament of Sherlock Holmes\game.exe
Task: {721DD9EA-BCC3-46B0-87B3-62F2A902B80F} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: {7FB44BA9-7FA5-40D7-ABC4-476BD203450B} - System32\Tasks\{06450E96-51F3-4D19-BF07-620BE7672154} => D:\Jocuri\The Testament of Sherlock Holmes\game.exe
Task: {807BF9DF-C03D-4190-A633-B5630A24C162} - System32\Tasks\{4ECB67D6-4DD1-4FAA-AD7C-4574A2621418} => D:\Jocuri\TTOSH\sherlock.exe [2014-02-27] ()
Task: {997C4C0A-1DE7-4793-97A7-BC3BA3D2269C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-11] (Google Inc.)
Task: {AE5B5A3D-31D8-4FE0-8131-9AC99D3148C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-21] (Adobe Systems Incorporated)
Task: {BB1A75D4-C827-48EC-B272-C4FA683EA8B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {BB62129A-8E6E-4450-9B33-74EE39DA3905} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-11] (Google Inc.)
Task: {D132C211-D5D0-48DF-9142-D9AEABAEF133} - System32\Tasks\{2E826851-538C-4183-A1BB-B2E40FE74405} => D:\Jocuri\The Testament of Sherlock Holmes\game.exe
Task: {F0CEB008-44FF-4840-BF26-562F4BA109F8} - System32\Tasks\{4DE047DB-A0DC-4671-8E7D-3B8CAEF11B07} => D:\Jocuri\Fifa 14\FIFA 14\Game\fifa14-3dm.exe [2014-01-08] (3DM)
Task: {F29CC4C1-4126-457A-B4B3-4450ABAABD27} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {FC2B9036-E7F2-447C-AD13-9B91B2128A8C} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-17] (COMODO)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2013-10-31 11:24 - 2013-10-31 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\09465022.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\09465022.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Who Is On My Wifi.lnk => C:\Windows\pss\Who Is On My Wifi.lnk.CommonStartup
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Wireless-N 100
Description: Intel® Centrino® Wireless-N 100
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 03:18:01 PM) (Source: CyberGhost VPN Client Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (07/21/2014 03:17:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 05:45:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 05:14:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 05:03:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 04:52:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 03:00:57 AM) (Source: MsiInstaller) (EventID: 10005) (User: Laptop-PC)
Description: Product: Microsoft Fix it 50784 -- This Microsoft Fix it does not apply to your operating system or application version.

Error: (07/21/2014 01:15:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 00:39:39 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (07/21/2014 00:39:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
   Instantiating VSS server


System errors:
=============
Error: (07/21/2014 03:18:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberGhost 5 Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/21/2014 03:17:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (07/21/2014 03:17:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/21/2014 03:17:48 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (07/21/2014 03:17:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
pefxbo
qxuaja
wjtvys

Error: (07/21/2014 03:16:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender service failed to start due to the following error:
%%1053

Error: (07/21/2014 03:16:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.

Error: (07/21/2014 05:46:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
pefxbo
qxuaja
wjtvys

Error: (07/21/2014 05:46:08 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (07/21/2014 05:14:59 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
pefxbo
qxuaja
wjtvys


Microsoft Office Sessions:
=========================
Error: (07/21/2014 03:18:01 PM) (Source: CyberGhost VPN Client Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (07/21/2014 03:17:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 05:45:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 05:14:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 05:03:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 04:52:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 03:00:57 AM) (Source: MsiInstaller) (EventID: 10005) (User: Laptop-PC)
Description: Product: Microsoft Fix it 50784 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/21/2014 01:15:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/21/2014 00:39:39 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (07/21/2014 00:39:39 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
   Instantiating VSS server


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8102.7 MB
Available physical RAM: 5443.24 MB
Total Pagefile: 16203.59 MB
Available Pagefile: 14019.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:65.15 GB) (Free:20.78 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:400.52 GB) (Free:129.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C776D29F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=65 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=401 GB) - (Type=OF Extended)

==================== End Of Log ============================


Edited by marsboy900, 21 July 2014 - 11:54 AM.


#12 marsboy900

marsboy900
  • Topic Starter

  • Members
  • 29 posts
  • Local time:11:19 AM

Posted 21 July 2014 - 11:58 AM

OK, as an update: Malwarebytes and Avira fixed after I updated them.


Edited by marsboy900, 21 July 2014 - 11:58 AM.


#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:19 AM

Posted 21 July 2014 - 12:28 PM

OK, as an update: Malwarebytes and Avira fixed after I updated them.

What do you mean? Can you boot now?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#14 marsboy900

marsboy900
  • Topic Starter

  • Members
  • 29 posts
  • Local time:11:19 AM

Posted 21 July 2014 - 12:47 PM

Yes, I booted; that's how I posted the logs from FRST. They are logs from the scan I took before the system crashed.

#15 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:19 AM

Posted 21 July 2014 - 01:32 PM

OK
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli





