RogueKiller found potential malware, unsure what to do


  • This topic is locked
12 replies to this topic

#1 wowest

wowest

  • Members
  • 6 posts
  • Local time:04:17 AM

Posted 21 July 2014 - 01:11 PM

Hi there, I just ran a RogueKiller scan and it found some potential malware. I don't feel safe deleting anything so I thought I'd ask here to see what you make of the report:
 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Johannes 2 [Admin rights]
Mode : Scan -- Date : 07/21/2014  20:01:19
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\drivers\tcpip.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] 431495c41b8cd1410eaed76c68244b4b
[BSP] a6077090a42d059e6253913b8d868197 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20482048 | Size: 466938 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_07212014_191025.log




#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:03:17 AM

Posted 21 July 2014 - 05:02 PM

Hello Wowest

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 wowest

wowest
  • Topic Starter

  • Members
  • 6 posts
  • Local time:04:17 AM

Posted 22 July 2014 - 08:40 AM

Hi there.
So I ran the scans and here are the results.
 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Johannes 2 (administrator) on JOHANNES-PC on 22-07-2014 15:38:42
Running from C:\Users\Johannes 2\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dansk (Danmark)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-05-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2575384 2014-07-17] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1111006097-2772283758-3165837370-1001\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1111006097-2772283758-3165837370-1001.bak\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1111006097-2772283758-3165837370-1001.bak\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1111006097-2772283758-3165837370-1001.bak\...\MountPoints2: {2bc0e003-4562-11e2-b3c7-806e6f6e6963} - D:\Setup.Now.exe
HKU\S-1-5-21-1111006097-2772283758-3165837370-1008\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-1111006097-2772283758-3165837370-1008\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1111006097-2772283758-3165837370-500\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Johannes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
 
==================== Internet (Whitelisted) ====================
 
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Hjælp til logon til Microsoft-konto -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.1.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.1.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @verimatrix.com/ViewRightWeb - C:\Program Files (x86)\Verimatrix\ViewRight Web\\npViewRight.dll (Verimatrix, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR StartupUrls: "https://www.google.dk/"
CHR Extension: (Google Dokumenter) - C:\Users\Johannes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-20]
CHR Extension: (Google Drev) - C:\Users\Johannes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-20]
CHR Extension: (YouTube) - C:\Users\Johannes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-20]
CHR Extension: (Google-søgning) - C:\Users\Johannes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-20]
CHR Extension: (AdBlock) - C:\Users\Johannes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-20]
CHR Extension: (Hola Bedre Internet) - C:\Users\Johannes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-07-20]
CHR Extension: (Google Wallet) - C:\Users\Johannes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-20]
CHR Extension: (4chan Plus) - C:\Users\Johannes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-07-20]
CHR Extension: (Gmail) - C:\Users\Johannes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-20]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151232 2013-12-02] (IObit)
R2 vToolbarUpdater3.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\ToolbarUpdater.exe [1814040 2014-07-17] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-07-17] (AVG Technologies)
R3 RecFltr; C:\Windows\System32\drivers\RecFltr.sys [44800 2013-12-17] (Razer USA Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-22 15:38 - 2014-07-22 15:38 - 00012760 _____ () C:\Users\Johannes 2\Downloads\FRST.txt
2014-07-22 15:38 - 2014-07-22 15:38 - 00000000 ____D () C:\FRST
2014-07-22 15:37 - 2014-07-22 15:37 - 02090496 _____ (Farbar) C:\Users\Johannes 2\Downloads\FRST64.exe
2014-07-21 19:03 - 2014-07-21 19:55 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-21 19:03 - 2014-07-21 19:03 - 05336664 _____ () C:\Users\Johannes 2\Downloads\RogueKillerX64.exe
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Downloads\extensions.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Downloads\addons.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Documents\extensions.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Documents\addons.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Desktop\extensions.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Desktop\addons.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\AppData\extensions.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\AppData\addons.sqlite
2014-07-21 16:16 - 2014-07-21 16:20 - 00026690 _____ () C:\Users\Johannes 2\danid.log
2014-07-21 16:16 - 2014-07-21 16:16 - 00000000 ____D () C:\Users\Johannes 2\.oces2
2014-07-21 03:10 - 2014-07-21 03:11 - 00426908 _____ () C:\Users\Johannes 2\Desktop\TheUndermineJournalGE.zip
2014-07-20 16:50 - 2014-07-20 16:50 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Macromedia
2014-07-20 16:47 - 2014-07-20 16:51 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Curse Advertising
2014-07-20 16:47 - 2014-07-20 16:47 - 00000318 _____ () C:\Users\Johannes 2\Desktop\Curse Client.appref-ms
2014-07-20 16:47 - 2014-07-20 16:47 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-07-20 16:46 - 2014-07-22 15:35 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Deployment
2014-07-20 16:46 - 2014-07-20 16:46 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Apps\2.0
2014-07-20 16:45 - 2014-07-20 16:46 - 00402696 _____ () C:\Users\Johannes 2\Downloads\setup.exe
2014-07-20 16:10 - 2014-07-20 16:10 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Blizzard Entertainment
2014-07-20 16:10 - 2014-07-20 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 16:10 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-20 16:10 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-20 16:10 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-20 16:10 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-20 16:09 - 2014-07-21 22:49 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Battle.net
2014-07-20 16:09 - 2014-07-20 16:12 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Battle.net
2014-07-20 16:09 - 2014-07-20 16:10 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-20 16:08 - 2014-07-20 16:08 - 00064152 _____ () C:\Users\Johannes 2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 16:08 - 2014-07-20 16:08 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\ATI
2014-07-20 16:08 - 2014-07-20 16:08 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\ATI
2014-07-20 16:08 - 2014-07-20 16:08 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\AMD
2014-07-20 16:03 - 2014-07-22 15:35 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Skype
2014-07-20 16:03 - 2014-07-21 19:51 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Avg2014
2014-07-20 16:03 - 2014-07-20 16:03 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\AVG2014
2014-07-20 16:03 - 2014-07-20 16:03 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Skype
2014-07-20 16:03 - 2014-07-20 16:03 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\AVG Web TuneUp
2014-07-20 16:02 - 2014-07-21 16:16 - 00000000 ____D () C:\Users\Johannes 2
2014-07-20 16:02 - 2014-07-20 16:02 - 00001423 _____ () C:\Users\Johannes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 16:02 - 2014-07-20 16:02 - 00000020 ___SH () C:\Users\Johannes 2\ntuser.ini
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Skabeloner
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Printere
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Menuen Start
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Lokale indstillinger
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Dokumenter
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Documents\Videoer
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Documents\Musik
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Documents\Billeder
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programmer
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\AppData\Local\Oversigt
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Andre computere
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Adobe
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\VirtualStore
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Google
2014-07-20 16:02 - 2013-07-12 01:40 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\IObit
2014-07-20 16:02 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Johannes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-20 16:02 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Johannes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-20 15:55 - 2014-07-20 15:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-07-20 15:55 - 2014-07-20 15:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-07-20 15:55 - 2014-07-20 15:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD
2014-07-20 15:52 - 2014-07-20 15:52 - 00064152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 15:50 - 2014-07-20 15:50 - 00002269 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-07-20 15:50 - 2014-07-20 15:50 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 15:50 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2014
2014-07-20 15:50 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-07-20 15:50 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-20 15:50 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2014
2014-07-20 15:50 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AVG Web TuneUp
2014-07-20 15:45 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator
2014-07-20 15:45 - 2014-07-20 15:45 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Skabeloner
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Printere
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Menuen Start
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Lokale indstillinger
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Dokumenter
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Documents\Videoer
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Documents\Musik
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Documents\Billeder
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programmer
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Oversigt
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Andre computere
2014-07-20 15:45 - 2013-07-12 01:40 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
2014-07-20 15:45 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-20 15:45 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-20 14:51 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\TEMP
2014-07-20 14:51 - 2013-07-12 01:40 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\IObit
2014-07-20 14:51 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-20 14:51 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-19 21:20 - 2014-07-19 21:20 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-19 17:30 - 2014-07-19 17:30 - 00000000 ____D () C:\Users\Johannes\Desktop\Backup
2014-07-19 17:27 - 2014-07-19 17:27 - 17712557 _____ () C:\Users\Johannes\Downloads\1388144483-SyiUI 5.4.zip
2014-07-17 21:08 - 2014-07-18 13:49 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-07-17 21:08 - 2014-07-18 01:08 - 00000000 ____D () C:\Users\Johannes\AppData\Local\AVG Web TuneUp
2014-07-17 21:08 - 2014-07-17 21:07 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-07-17 21:07 - 2014-07-17 21:08 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-07-17 21:07 - 2014-07-17 21:07 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-07-17 21:07 - 2014-07-17 21:07 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-07-15 15:37 - 2014-07-15 15:37 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TuneUp Software
2014-07-15 15:37 - 2014-07-15 15:37 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\AVG2014
2014-07-15 15:37 - 2014-07-15 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-15 15:35 - 2014-07-15 15:37 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-15 15:35 - 2014-07-15 15:35 - 00000000 ___HD () C:\$AVG
2014-07-15 15:34 - 2014-07-15 15:34 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-15 15:29 - 2014-07-15 15:29 - 00001114 _____ () C:\Windows\PFRO.log
2014-07-15 15:24 - 2014-07-22 14:59 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-15 15:24 - 2014-07-15 15:45 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Avg2014
2014-07-15 15:24 - 2014-07-15 15:24 - 00000000 ____D () C:\Users\Johannes\AppData\Local\MFAData
2014-07-15 15:21 - 2014-07-15 15:22 - 04755192 _____ (AVG Technologies) C:\Users\Johannes\Downloads\avg_free_stb_all_2014_4716_cnet.exe
2014-07-15 15:16 - 2014-07-15 15:16 - 00000000 ____D () C:\ProgramData\ATI
2014-07-15 15:10 - 2014-07-15 15:49 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-07-15 15:10 - 2014-07-15 15:10 - 00061648 _____ () C:\Windows\SysWOW64\CCCInstall_201407151510174819.log
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\library_dir
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-07-15 15:06 - 2014-07-22 14:54 - 00000775 _____ () C:\Windows\setupact.log
2014-07-15 15:06 - 2014-07-15 15:06 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-15 15:06 - 2014-07-15 15:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-15 14:17 - 2014-07-15 14:17 - 00890744 _____ (AMD) C:\Users\Johannes\Downloads\amddriverdownloader (1).exe
2014-07-13 21:05 - 2014-07-13 21:05 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Verimatrix
2014-07-13 21:04 - 2014-07-13 21:04 - 00000000 ____D () C:\Program Files (x86)\Verimatrix
2014-07-13 21:01 - 2014-07-13 21:01 - 21012480 _____ () C:\Users\Johannes\Downloads\TDC (1).msi
2014-07-12 18:28 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 18:28 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 18:28 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 18:28 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 18:28 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 18:28 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 18:28 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 18:28 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 18:28 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 18:28 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 18:28 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 18:28 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 18:28 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 18:28 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 18:28 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 18:28 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 18:28 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 18:28 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 18:28 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 18:28 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 18:28 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 18:28 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 18:28 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 18:28 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 18:28 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 18:28 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 18:28 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 18:28 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 18:28 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 18:28 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 18:28 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 18:28 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 18:28 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 18:28 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 18:28 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 18:28 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 18:28 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 18:28 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 18:28 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 18:28 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 18:28 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 18:28 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 18:28 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 18:28 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 18:28 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 18:28 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 18:28 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 18:28 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 18:28 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 18:28 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 18:28 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 18:28 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 18:28 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 18:28 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 18:28 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 18:28 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 18:28 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 18:28 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-12 18:28 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 18:28 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 18:28 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 18:28 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-12 18:28 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-12 18:28 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-12 18:28 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-12 18:28 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-12 18:28 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-12 18:28 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-12 18:28 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-12 18:28 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-12 18:28 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-12 18:28 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-12 18:28 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-12 18:28 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-12 18:28 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-12 18:28 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-12 18:28 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-12 18:28 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 18:27 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 18:27 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-12 18:27 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 23:37 - 2014-07-08 23:37 - 01915800 _____ () C:\Users\Johannes\Downloads\winrar-x64-510.exe
2014-07-08 23:37 - 2014-07-08 23:37 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 23:37 - 2014-07-08 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 23:37 - 2014-07-08 23:37 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-08 23:36 - 2014-07-08 23:36 - 01201364 _____ () C:\Users\Johannes\Downloads\1297296158-NiceDamage.rar
2014-07-08 17:41 - 2014-07-08 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
 
==================== One Month Modified Files and Folders =======
 
2014-07-22 15:38 - 2014-07-22 15:38 - 00012760 _____ () C:\Users\Johannes 2\Downloads\FRST.txt
2014-07-22 15:38 - 2014-07-22 15:38 - 00000000 ____D () C:\FRST
2014-07-22 15:37 - 2014-07-22 15:37 - 02090496 _____ (Farbar) C:\Users\Johannes 2\Downloads\FRST64.exe
2014-07-22 15:35 - 2014-07-20 16:46 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Deployment
2014-07-22 15:35 - 2014-07-20 16:03 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Skype
2014-07-22 15:01 - 2012-12-13 22:20 - 01588532 _____ () C:\Windows\WindowsUpdate.log
2014-07-22 15:01 - 2009-07-14 06:45 - 00023584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-22 15:01 - 2009-07-14 06:45 - 00023584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-22 14:59 - 2014-07-15 15:24 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-22 14:57 - 2014-01-08 19:04 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-22 14:55 - 2013-12-17 16:19 - 00000000 ____D () C:\ProgramData\ProductData
2014-07-22 14:55 - 2013-01-05 13:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-22 14:54 - 2014-07-15 15:06 - 00000775 _____ () C:\Windows\setupact.log
2014-07-22 14:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 22:49 - 2014-07-20 16:09 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Battle.net
2014-07-21 22:42 - 2014-01-08 19:04 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 20:58 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-21 19:55 - 2014-07-21 19:03 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-21 19:51 - 2014-07-20 16:03 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Avg2014
2014-07-21 19:03 - 2014-07-21 19:03 - 05336664 _____ () C:\Users\Johannes 2\Downloads\RogueKillerX64.exe
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Downloads\extensions.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Downloads\addons.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Documents\extensions.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Documents\addons.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Desktop\extensions.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\Desktop\addons.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\AppData\extensions.sqlite
2014-07-21 19:03 - 2014-07-21 19:03 - 00000000 _____ () C:\Users\Johannes\AppData\addons.sqlite
2014-07-21 19:03 - 2013-06-01 14:33 - 00000000 ____D () C:\Users\Johannes\.oces2
2014-07-21 19:03 - 2013-02-08 20:21 - 00000000 ____D () C:\Users\Johannes\.swt
2014-07-21 16:20 - 2014-07-21 16:16 - 00026690 _____ () C:\Users\Johannes 2\danid.log
2014-07-21 16:16 - 2014-07-21 16:16 - 00000000 ____D () C:\Users\Johannes 2\.oces2
2014-07-21 16:16 - 2014-07-20 16:02 - 00000000 ____D () C:\Users\Johannes 2
2014-07-21 03:11 - 2014-07-21 03:10 - 00426908 _____ () C:\Users\Johannes 2\Desktop\TheUndermineJournalGE.zip
2014-07-20 16:51 - 2014-07-20 16:47 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Curse Advertising
2014-07-20 16:50 - 2014-07-20 16:50 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Macromedia
2014-07-20 16:47 - 2014-07-20 16:47 - 00000318 _____ () C:\Users\Johannes 2\Desktop\Curse Client.appref-ms
2014-07-20 16:47 - 2014-07-20 16:47 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-07-20 16:46 - 2014-07-20 16:46 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Apps\2.0
2014-07-20 16:46 - 2014-07-20 16:45 - 00402696 _____ () C:\Users\Johannes 2\Downloads\setup.exe
2014-07-20 16:12 - 2014-07-20 16:09 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Battle.net
2014-07-20 16:12 - 2013-11-02 17:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-20 16:10 - 2014-07-20 16:10 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Blizzard Entertainment
2014-07-20 16:10 - 2014-07-20 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 16:10 - 2014-07-20 16:09 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-20 16:10 - 2013-07-22 00:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-20 16:08 - 2014-07-20 16:08 - 00064152 _____ () C:\Users\Johannes 2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 16:08 - 2014-07-20 16:08 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\ATI
2014-07-20 16:08 - 2014-07-20 16:08 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\ATI
2014-07-20 16:08 - 2014-07-20 16:08 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\AMD
2014-07-20 16:03 - 2014-07-20 16:03 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\AVG2014
2014-07-20 16:03 - 2014-07-20 16:03 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Skype
2014-07-20 16:03 - 2014-07-20 16:03 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\AVG Web TuneUp
2014-07-20 16:02 - 2014-07-20 16:02 - 00001423 _____ () C:\Users\Johannes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 16:02 - 2014-07-20 16:02 - 00000020 ___SH () C:\Users\Johannes 2\ntuser.ini
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Skabeloner
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Printere
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Menuen Start
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Lokale indstillinger
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Dokumenter
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Documents\Videoer
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Documents\Musik
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Documents\Billeder
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programmer
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\AppData\Local\Oversigt
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 _SHDL () C:\Users\Johannes 2\Andre computere
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 ____D () C:\Users\Johannes 2\AppData\Roaming\Adobe
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\VirtualStore
2014-07-20 16:02 - 2014-07-20 16:02 - 00000000 ____D () C:\Users\Johannes 2\AppData\Local\Google
2014-07-20 15:55 - 2014-07-20 15:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2014-07-20 15:55 - 2014-07-20 15:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2014-07-20 15:55 - 2014-07-20 15:55 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD
2014-07-20 15:52 - 2014-07-20 15:52 - 00064152 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-20 15:50 - 2014-07-20 15:50 - 00002269 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2014-07-20 15:50 - 2014-07-20 15:50 - 00001419 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-20 15:50 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2014
2014-07-20 15:50 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-07-20 15:50 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-20 15:50 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2014
2014-07-20 15:50 - 2014-07-20 15:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AVG Web TuneUp
2014-07-20 15:50 - 2014-07-20 15:45 - 00000000 ____D () C:\Users\Administrator
2014-07-20 15:50 - 2014-07-20 14:51 - 00000000 ____D () C:\Users\TEMP
2014-07-20 15:50 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-07-20 15:45 - 2014-07-20 15:45 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Skabeloner
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Printere
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Menuen Start
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Lokale indstillinger
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Dokumenter
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Documents\Videoer
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Documents\Musik
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Documents\Billeder
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programmer
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Oversigt
2014-07-20 15:45 - 2014-07-20 15:45 - 00000000 _SHDL () C:\Users\Administrator\Andre computere
2014-07-20 14:51 - 2012-12-13 22:38 - 00000000 ____D () C:\Users\Johannes
2014-07-20 02:55 - 2013-11-25 19:41 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Battle.net
2014-07-20 02:54 - 2012-12-15 20:10 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Skype
2014-07-20 02:29 - 2012-12-14 14:52 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Deployment
2014-07-19 21:50 - 2013-02-08 20:24 - 00000000 ____D () C:\Users\Johannes\AppData\Local\PMB Files
2014-07-19 21:20 - 2014-07-19 21:20 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-19 17:30 - 2014-07-19 17:30 - 00000000 ____D () C:\Users\Johannes\Desktop\Backup
2014-07-19 17:27 - 2014-07-19 17:27 - 17712557 _____ () C:\Users\Johannes\Downloads\1388144483-SyiUI 5.4.zip
2014-07-18 13:49 - 2014-07-17 21:08 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-07-18 01:08 - 2014-07-17 21:08 - 00000000 ____D () C:\Users\Johannes\AppData\Local\AVG Web TuneUp
2014-07-17 21:08 - 2014-07-17 21:07 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-07-17 21:07 - 2014-07-17 21:08 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-07-17 21:07 - 2014-07-17 21:07 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-07-17 21:07 - 2014-07-17 21:07 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-07-17 21:03 - 2013-12-29 04:32 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-07-15 22:09 - 2013-02-08 20:24 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-15 22:02 - 2013-01-05 13:12 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-15 15:49 - 2014-07-15 15:10 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-07-15 15:48 - 2013-11-23 19:04 - 00000000 ____D () C:\Windows\pss
2014-07-15 15:45 - 2014-07-15 15:24 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Avg2014
2014-07-15 15:37 - 2014-07-15 15:37 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\TuneUp Software
2014-07-15 15:37 - 2014-07-15 15:37 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\AVG2014
2014-07-15 15:37 - 2014-07-15 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-15 15:37 - 2014-07-15 15:35 - 00000000 ____D () C:\ProgramData\AVG2014
2014-07-15 15:35 - 2014-07-15 15:35 - 00000000 ___HD () C:\$AVG
2014-07-15 15:34 - 2014-07-15 15:34 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-07-15 15:29 - 2014-07-15 15:29 - 00001114 _____ () C:\Windows\PFRO.log
2014-07-15 15:24 - 2014-07-15 15:24 - 00000000 ____D () C:\Users\Johannes\AppData\Local\MFAData
2014-07-15 15:24 - 2013-04-16 17:32 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-15 15:23 - 2013-04-14 17:43 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-07-15 15:22 - 2014-07-15 15:21 - 04755192 _____ (AVG Technologies) C:\Users\Johannes\Downloads\avg_free_stb_all_2014_4716_cnet.exe
2014-07-15 15:16 - 2014-07-15 15:16 - 00000000 ____D () C:\ProgramData\ATI
2014-07-15 15:14 - 2014-03-20 19:50 - 00000000 ____D () C:\Users\Johannes\Documents\Diablo III
2014-07-15 15:10 - 2014-07-15 15:10 - 00061648 _____ () C:\Windows\SysWOW64\CCCInstall_201407151510174819.log
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\library_dir
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-07-15 15:10 - 2014-07-15 15:10 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-07-15 15:10 - 2013-03-17 21:52 - 00000000 ____D () C:\ProgramData\AMD
2014-07-15 15:10 - 2013-03-17 21:52 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-07-15 15:09 - 2013-03-17 21:52 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-07-15 15:06 - 2014-07-15 15:06 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-15 15:06 - 2014-07-15 15:06 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-15 14:17 - 2014-07-15 14:17 - 00890744 _____ (AMD) C:\Users\Johannes\Downloads\amddriverdownloader (1).exe
2014-07-15 14:13 - 2012-12-13 17:20 - 00000000 ____D () C:\Games
2014-07-13 23:54 - 2014-03-07 20:32 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Spotify
2014-07-13 23:54 - 2014-03-07 20:32 - 00000000 ____D () C:\Users\Johannes\AppData\Local\Spotify
2014-07-13 21:05 - 2014-07-13 21:05 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Verimatrix
2014-07-13 21:04 - 2014-07-13 21:04 - 00000000 ____D () C:\Program Files (x86)\Verimatrix
2014-07-13 21:01 - 2014-07-13 21:01 - 21012480 _____ () C:\Users\Johannes\Downloads\TDC (1).msi
2014-07-13 12:26 - 2009-07-14 06:45 - 00293840 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-13 03:10 - 2014-04-25 10:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-13 03:10 - 2009-07-14 09:54 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-13 03:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-13 03:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-13 03:04 - 2013-07-30 15:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-13 03:03 - 2012-12-14 15:18 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-12 18:29 - 2013-11-25 19:41 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-11 03:02 - 2014-07-20 16:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-20 16:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-20 16:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-20 16:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-08 23:37 - 2014-07-08 23:37 - 01915800 _____ () C:\Users\Johannes\Downloads\winrar-x64-510.exe
2014-07-08 23:37 - 2014-07-08 23:37 - 00000000 ____D () C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 23:37 - 2014-07-08 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-08 23:37 - 2014-07-08 23:37 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-08 23:36 - 2014-07-08 23:36 - 01201364 _____ () C:\Users\Johannes\Downloads\1297296158-NiceDamage.rar
2014-07-08 21:55 - 2013-01-05 13:23 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 21:55 - 2013-01-05 13:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 21:55 - 2013-01-05 13:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 19:41 - 2013-06-01 14:33 - 00651865 _____ () C:\Users\Johannes\danid.log
2014-07-08 17:41 - 2014-07-08 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-06-30 04:09 - 2014-07-12 18:28 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-12 18:28 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-25 17:09 - 2013-05-08 17:09 - 00000332 _____ () C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job
2014-06-25 12:08 - 2013-02-19 17:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-25 12:08 - 2012-12-15 20:10 - 00000000 ____D () C:\ProgramData\Skype
 
Some content of TEMP:
====================
C:\Users\Johannes\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\Johannes\AppData\Local\Temp\170EFFB9.dll
C:\Users\Johannes\AppData\Local\Temp\170FCFC5.dll
C:\Users\Johannes\AppData\Local\Temp\1710881E.dll
C:\Users\Johannes\AppData\Local\Temp\1710D933.dll
C:\Users\Johannes\AppData\Local\Temp\raptrpatch.exe
C:\Users\Johannes\AppData\Local\Temp\raptr_stub.exe
C:\Users\Johannes 2\AppData\Local\Temp\59483898.dll
C:\Users\Johannes 2\AppData\Local\Temp\594BC636.dll
C:\Users\Johannes 2\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-21 20:51
 
==================== End Of Log ============================


Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Johannes 2 at 2014-07-22 15:39:16
Running from C:\Users\Johannes 2\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Dansk (HKLM-x32\...\{AC76BA86-7AD7-1030-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Dit firmanavn) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0417.2226.38446 - Dit firmanavn) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.1.0.6 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Logitech SetPoint 5.20 (HKLM\...\{D3120436-1358-4253-9EB2-257FFE8CE1D9}) (Version: 5.20 - Logitech)
Microsoft .NET Framework 4.5.1 (DAN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
ViewRight Web PC (HKLM-x32\...\{68A0C31B-EBF0-498E-93E6-8479B8060913}) (Version: 3.3.0.0 - Verimatrix, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Restore Points  =========================
 
15-07-2014 13:05:40 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
15-07-2014 13:31:14 Installed AVG 2014
15-07-2014 13:34:49 Installed AVG 2014
18-07-2014 14:03:50 Windows Update
20-07-2014 14:08:46 Installed Java 7 Update 65
 
==================== Hosts content: ==========================
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {3A5AFF4C-892C-4D33-B656-9AF3AD664243} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {3E51DF34-EA0E-4E5E-A062-A0DAE07144AB} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {54C34AE5-828C-4600-B930-A7C5718A2112} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: {88A332E8-EE42-4512-AC2F-BCEC1659D2A5} - System32\Tasks\Driver Booster SkipUAC (Johannes) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {9911D66D-6FB0-46F9-89E4-2500E3F6463C} - System32\Tasks\{D1D1D5C2-6917-4E0A-A4F9-A35689F0FC77} => Chrome.exe http://ui.skype.com/ui/0/6.6.59.106/da/go/help.faq.installer?LastError=1618
Task: {BB756AFD-7845-4DAD-BC68-D31FFE40159F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-08] (Google Inc.)
Task: {E58F4396-6C1B-4A5C-AE79-F0C05BA352E3} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-17 21:07 - 2014-07-17 21:07 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\loggingserver.exe
2014-07-17 21:07 - 2014-07-17 21:07 - 02575384 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-04-17 22:29 - 2014-04-17 22:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-07-17 21:07 - 2014-07-17 21:07 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.1.0\log4cplusU.dll
2014-04-17 22:13 - 2014-04-17 22:13 - 00077824 _____ () C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDad.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => 
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Pando Media Booster => c:\program files (x86)\pando networks\media booster\pmb.exe
MSCONFIG\startupreg: Skype => 
MSCONFIG\startupreg: Spotify => "C:\Users\Johannes\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => c:\users\johannes\appdata\roaming\spotify\data\spotifywebhelper.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/22/2014 02:57:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Johannes-Pc)
Description: Der kan ikke logges på, da profilen ikke kan indlæses. Kontroller, at der er forbindelse til netværket, eller at netværket fungerer korrekt. 
 
 OPLYSNING - Adgang nægtet.
 
Error: (07/21/2014 01:16:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Johannes-Pc)
Description: Der kan ikke logges på, da profilen ikke kan indlæses. Kontroller, at der er forbindelse til netværket, eller at netværket fungerer korrekt. 
 
 OPLYSNING - Adgang nægtet.
 
Error: (07/20/2014 07:47:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Johannes-Pc)
Description: Der kan ikke logges på, da profilen ikke kan indlæses. Kontroller, at der er forbindelse til netværket, eller at netværket fungerer korrekt. 
 
 OPLYSNING - Adgang nægtet.
 
Error: (07/20/2014 04:08:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Fejl i tjenesten Volume Snapshots: Uventet fejl ved kald af rutinen ConvertStringSidToSid(S-1-5-21-1111006097-2772283758-3165837370-1001.bak). hr = 0x80070539, Strukturen af sikkerheds-id'et er ugyldig.
.
 
 
Handling:
   Hændelsen OnIdentify
   Indsamler skriverdata
 
Kontekst:
   Kontekst for udførelse: Shadow Copy Optimization Writer
   Klasse-id for skriver: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Navn på skriver: Shadow Copy Optimization Writer
   Forekomst-id for skriver: {b4a080df-e5ae-4083-8a8f-ae82bbad5038}
 
Error: (07/20/2014 04:02:58 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3176) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (07/20/2014 04:02:53 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (4448) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.
 
Error: (07/20/2014 04:02:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Johannes-Pc)
Description: Der kan ikke logges på, da profilen ikke kan indlæses. Kontroller, at der er forbindelse til netværket, eller at netværket fungerer korrekt. 
 
 OPLYSNING - Adgang nægtet.
 
Error: (07/20/2014 03:33:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Johannes-Pc)
Description: Brugerens profil kan ikke indlæses. Du er logget på med systemets standardprofil. 
 
 OPLYSNING - Adgang nægtet.
 
Error: (07/20/2014 03:25:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Johannes-Pc)
Description: Brugerens profil kan ikke indlæses. Du er logget på med systemets standardprofil. 
 
 OPLYSNING - Adgang nægtet.
 
Error: (07/20/2014 03:23:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Johannes-Pc)
Description: Der kan ikke logges på, da profilen ikke kan indlæses. Kontroller, at der er forbindelse til netværket, eller at netværket fungerer korrekt. 
 
 OPLYSNING - Adgang nægtet.
 
 
System errors:
=============
Error: (07/22/2014 02:58:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten LiveUpdate afsluttede uventet. Dette er sket 1 gang(e).
 
Error: (07/21/2014 01:17:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten LiveUpdate afsluttede uventet. Dette er sket 1 gang(e).
 
Error: (07/20/2014 03:50:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Tjenesten LiveUpdate afsluttede uventet. Dette er sket 1 gang(e).
 
Error: (07/20/2014 03:34:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten PnP-X IP Bus-optælling afhænger af tjenesten Udbydervært til registrering af funktioner, der ikke kunne starte pga. følgende fejl: 
%%1068
 
Error: (07/20/2014 03:32:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Følgende boot-start- eller system-start-driver kunne ikke indlæses: 
AFD
Avgdiska
AVGIDSDriver
Avgldx64
Avgtdia
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
vwififlt
Wanarpv6
WfpLwf
 
Error: (07/20/2014 03:32:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten NLA (Network Location Awareness) afhænger af tjenesten Tjenesten Grænseflade til netværkslagring, der ikke kunne starte pga. følgende fejl: 
%%1068
 
Error: (07/20/2014 03:32:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten SMB 2.0 MiniRedirector afhænger af tjenesten Wrapper og program til SMB MiniRedirector, der ikke kunne starte pga. følgende fejl: 
%%1068
 
Error: (07/20/2014 03:32:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten SMB 1.x MiniRedirector afhænger af tjenesten Wrapper og program til SMB MiniRedirector, der ikke kunne starte pga. følgende fejl: 
%%1068
 
Error: (07/20/2014 03:32:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten Wrapper og program til SMB MiniRedirector afhænger af tjenesten Omdirigeret bufferundersystem, der ikke kunne starte pga. følgende fejl: 
%%31
 
Error: (07/20/2014 03:32:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Tjenesten AVGIDSAgent afhænger af tjenesten AVGIDSDriver, der ikke kunne starte pga. følgende fejl: 
%%31
 
 
Microsoft Office Sessions:
=========================
Error: (07/22/2014 02:57:02 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Johannes-Pc)
Description: Adgang nægtet.
 
Error: (07/21/2014 01:16:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Johannes-Pc)
Description: Adgang nægtet.
 
Error: (07/20/2014 07:47:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Johannes-Pc)
Description: Adgang nægtet.
 
Error: (07/20/2014 04:08:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1111006097-2772283758-3165837370-1001.bak)0x80070539, Strukturen af sikkerheds-id'et er ugyldig.
 
 
Handling:
   Hændelsen OnIdentify
   Indsamler skriverdata
 
Kontekst:
   Kontekst for udførelse: Shadow Copy Optimization Writer
   Klasse-id for skriver: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Navn på skriver: Shadow Copy Optimization Writer
   Forekomst-id for skriver: {b4a080df-e5ae-4083-8a8f-ae82bbad5038}
 
Error: (07/20/2014 04:02:58 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail3176WindowsMail0:
 
Error: (07/20/2014 04:02:53 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail4448WindowsMail0:
 
Error: (07/20/2014 04:02:41 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Johannes-Pc)
Description: Adgang nægtet.
 
Error: (07/20/2014 03:33:44 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Johannes-Pc)
Description: Adgang nægtet.
 
Error: (07/20/2014 03:25:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1505) (User: Johannes-Pc)
Description: Adgang nægtet.
 
Error: (07/20/2014 03:23:53 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: Johannes-Pc)
Description: Adgang nægtet.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-18 15:37:58.881
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-18 15:37:58.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-18 15:37:58.506
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-18 15:37:58.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-18 15:37:58.123
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-18 15:37:57.950
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-18 15:37:57.873
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-18 15:37:57.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-18 15:37:57.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-07-18 15:37:57.657
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 4093.55 MB
Available physical RAM: 2477.49 MB
Total Pagefile: 8185.29 MB
Available Pagefile: 6271.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.99 GB) (Free:340.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 61DC34D7)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=456 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 seedy21

seedy21

  • Malware Response Team

Posted 22 July 2014 - 01:59 PM


Hi Wowest

Can I ask why you ran RogueKiller? Are you having any issues with your machine?

 

Also you ran FRST from the Downloads folder and not on the Desktop as I asked. Please copy FRST from the Downloads Folder and paste it on your Desktop before completing the steps.

Step 1

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

start
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151232 2013-12-02] (IObit)
C:\Program Files (x86)\IObit
C:\Users\Johannes\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\Johannes\AppData\Local\Temp\170EFFB9.dll
C:\Users\Johannes\AppData\Local\Temp\170FCFC5.dll
C:\Users\Johannes\AppData\Local\Temp\1710881E.dll
C:\Users\Johannes\AppData\Local\Temp\1710D933.dll
C:\Users\Johannes\AppData\Local\Temp\raptrpatch.exe
C:\Users\Johannes\AppData\Local\Temp\raptr_stub.exe
C:\Users\Johannes 2\AppData\Local\Temp\59483898.dll
C:\Users\Johannes 2\AppData\Local\Temp\594BC636.dll
C:\Users\Johannes 2\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
Task: {88A332E8-EE42-4512-AC2F-BCEC1659D2A5} - System32\Tasks\Driver Booster SkipUAC (Johannes) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {E58F4396-6C1B-4A5C-AE79-F0C05BA352E3} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
end

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Please open Malwarebytes Anti-Malware
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.
    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

Edited by seedy21, 22 July 2014 - 04:44 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#5 wowest

wowest
  • Topic Starter


Posted 23 July 2014 - 07:38 AM

Hello again,
I ran RogueKiller as my PC has been running really slow the past months, especially in games, even though I updated drivers etc., so I thought perhaps something was wrong.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-07-2014 01
Ran by Johannes 2 at 2014-07-23 14:15:28 Run:1
Running from C:\Users\Johannes 2\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} ->  No File
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151232 2013-12-02] (IObit)
C:\Program Files (x86)\IObit
C:\Users\Johannes\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\Johannes\AppData\Local\Temp\170EFFB9.dll
C:\Users\Johannes\AppData\Local\Temp\170FCFC5.dll
C:\Users\Johannes\AppData\Local\Temp\1710881E.dll
C:\Users\Johannes\AppData\Local\Temp\1710D933.dll
C:\Users\Johannes\AppData\Local\Temp\raptrpatch.exe
C:\Users\Johannes\AppData\Local\Temp\raptr_stub.exe
C:\Users\Johannes 2\AppData\Local\Temp\59483898.dll
C:\Users\Johannes 2\AppData\Local\Temp\594BC636.dll
C:\Users\Johannes 2\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
Task: {88A332E8-EE42-4512-AC2F-BCEC1659D2A5} - System32\Tasks\Driver Booster SkipUAC (Johannes) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {E58F4396-6C1B-4A5C-AE79-F0C05BA352E3} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
end
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
LiveUpdateSvc => Service deleted successfully.
C:\Program Files (x86)\IObit => Moved successfully.
C:\Users\Johannes\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe => Moved successfully.
C:\Users\Johannes\AppData\Local\Temp\170EFFB9.dll => Moved successfully.
C:\Users\Johannes\AppData\Local\Temp\170FCFC5.dll => Moved successfully.
C:\Users\Johannes\AppData\Local\Temp\1710881E.dll => Moved successfully.
C:\Users\Johannes\AppData\Local\Temp\1710D933.dll => Moved successfully.
C:\Users\Johannes\AppData\Local\Temp\raptrpatch.exe => Moved successfully.
C:\Users\Johannes\AppData\Local\Temp\raptr_stub.exe => Moved successfully.
C:\Users\Johannes 2\AppData\Local\Temp\59483898.dll => Moved successfully.
C:\Users\Johannes 2\AppData\Local\Temp\594BC636.dll => Moved successfully.
C:\Users\Johannes 2\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88A332E8-EE42-4512-AC2F-BCEC1659D2A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88A332E8-EE42-4512-AC2F-BCEC1659D2A5}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Johannes) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Johannes)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E58F4396-6C1B-4A5C-AE79-F0C05BA352E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E58F4396-6C1B-4A5C-AE79-F0C05BA352E3}" => Key deleted successfully.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key deleted successfully.
 
==== End of Fixlog ====

And the other one:


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 23-07-2014
Scan Time: 14:21:35
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.23.03
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Johannes 2
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390533
Time Elapsed: 11 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.InstallBrain.A, HKLM\SOFTWARE\WOW6432NODE\InstallIQ, Quarantined, [277a3a666516b482eb19a544c83a12ee], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#6 seedy21

seedy21

  • Malware Response Team

Posted 23 July 2014 - 08:00 AM

Hello Wowest


Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve installing an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

When the scan is complete,

If no threats were found:
  • Check "Uninstall application on close"
  • Close program

If threats were found:
  • Select "list of threats found"
  • Select "Export to Text File" & Save the Report to your Desktop as ESETScanLog
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#7 wowest

  • Topic Starter

Posted 23 July 2014 - 12:17 PM

So, apparently I had a trojan:
 

C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B potentially unsafe application deleted - quarantined
C:\Users\Johannes\Downloads\flash (1).exe JS/TrojanClicker.Agent.NEX trojan cleaned by deleting - quarantined
C:\Users\Johannes\Downloads\flash.exe JS/TrojanClicker.Agent.NEX trojan cleaned by deleting - quarantined
C:\Windows\Installer\MSI4AAD.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
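
Added example, not part of the original post and not ESET's own tooling: a short Python triage of the six lines above, assuming the field layout seen in this log (path, optional "a variant of", detection name, kind, optional action). The function names and the alias table are this example's own; the alias merge shows that the first line, which has no action, is the same file as the third line, which was quarantined.

```python
import re

# The six detection lines from the post above (the forum flattened tabs to spaces).
SAMPLE_LOG = r"""
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B potentially unsafe application
C:\FRST\Quarantine\C\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\defragsetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll Win32/Bundled.Toolbar.Ask.B potentially unsafe application deleted - quarantined
C:\Users\Johannes\Downloads\flash (1).exe JS/TrojanClicker.Agent.NEX trojan cleaned by deleting - quarantined
C:\Users\Johannes\Downloads\flash.exe JS/TrojanClicker.Agent.NEX trojan cleaned by deleting - quarantined
C:\Windows\Installer\MSI4AAD.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
"""

# Assumed layout; paths contain spaces, so the detection name (token with "/") is the anchor.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>potentially unsafe application|potentially unwanted application|trojan)"
    r"(?:\s+(?P<action>.+))?$"
)

# Vista and later: C:\Users\All Users links to C:\ProgramData (one file, two paths).
ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}

def canonical(path):
    low = path.lower()
    for alias, target in ALIASES.items():
        if low.startswith(alias):
            return target + low[len(alias):]
    return low

def parse(log):
    """Return one record per distinct file, merging aliased paths."""
    files = {}
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = files.setdefault(canonical(m["path"]), dict(m.groupdict(), action=None))
            rec["action"] = rec["action"] or m["action"]
    return list(files.values())

def triage(records):
    """Bucket by kind; flag files with no recorded action or inside a quarantine folder."""
    out = {"malware": [], "pua": [], "no_action": [], "quarantine_copy": []}
    for r in records:
        out["malware" if r["kind"] == "trojan" else "pua"].append(r)
        if r["action"] is None:
            out["no_action"].append(r)
        if "\\quarantine\\" in r["path"].lower():
            out["quarantine_copy"].append(r)
    return out
```
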


#8 seedy21

  • Malware Response Team

Posted 23 July 2014 - 01:23 PM

Hi Wowest
 

"apparently I had a trojan"

 
Correct, but ESET has quarantined the Trojan.
 
How is the machine running now? Are you having any other faults?




#9 wowest

  • Topic Starter

Posted 23 July 2014 - 01:59 PM

I'll restart the machine later and give it some time to cool off. It is not as laggy as previously (still not optimal though), so I think the trojan caused the problem. Thank you so much for the help, if I ever get similar problems I definitely know where I'll be going.



#10 seedy21

  • Malware Response Team

Posted 23 July 2014 - 02:17 PM

Hi Wowest

 

Please let me know how the machine is running after you have tested this. If it is working fine we will start the clean-up process.




#11 wowest

  • Topic Starter

Posted 23 July 2014 - 04:06 PM

So yeah it still runs alright, better than before so I guess it works like it should. 



#12 seedy21

  • Malware Response Team

Posted 23 July 2014 - 04:12 PM


Hi Wowest

If you have no further problems you can uninstall the tools we have used and follow this advice :-

Remove Tools Used :

Clean up FRST Quarantine Folder

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

Start
DeleteQuarantine:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt). You can delete it.


Clean up with Delfix

Download "Delfix by Xplode" and save it to your desktop.

  • Double click to start the program.
    If you are using Vista or higher, please right-click and choose Run as administrator.
  • Make sure the following items are checked:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
  • Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Clean up with TFC

Please download TFC.exe - Temp File Cleaner by OldTimer:
Alternate link: www.itxassociates.com/OT-Tools/TFC.exe
  • Save it to your Desktop.
  • Close any open windows, save your work.
  • Double click the TFC icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, click OK to reboot.

Turn On Automatic Updates

  1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
  2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the "Automatic (recommended)" option: Automatically download recommended updates for my computer and install them.

Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium-High as seen in the image below:
    [Image: IE10 Rec Settings.jpg]
  • Also verify that Enable Protected Mode is checked.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Finally I would highly advise you to read this topic: Best Practices for Safe Computing - Tips to protect yourself against malware infection

If you have any problems you know where we are :)



#13 quietman7

  • Global Moderator

Posted 26 July 2014 - 02:17 PM

As the issue appears to be resolved, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


