
I think I'm stuck with extendedunlimited malware


  • This topic is locked
24 replies to this topic

#1 Marwing


Posted 14 September 2014 - 10:08 AM

Mod Edit:  Merged 3 posts, moved from AII to MRL - Hamluis.
 
Sorry, wrong part of the forum.

Oops, I put this in the wrong place. How do I delete it or move it to the adware section? Sorry guys.

Hi,
I think I got the Extendedunlimited malware, can someone help me remove it? I've used a lot of programs with no luck.
 
I've made a scan with Farbar:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014

Ran by Marcus (administrator) on MARCUS-PC on 14-09-2014 17:06:54

Running from C:\Users\Marcus\Downloads

Platform: Windows 8.1 (X64) OS Language: Svenska (Sverige)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

() C:\Windows\jmesoft\Service.exe

(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Lenovo) C:\Windows\jmesoft\hotkey.exe

(Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe

() C:\Windows\jmesoft\JME_LOAD.exe

(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe

(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)

HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)

HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)

HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-16] ()

HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-09-24] (Lenovo)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)

HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)

HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)

HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)

HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

HKU\S-1-5-21-1261373903-4154722331-439683534-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-10] (Valve Corporation)

HKU\S-1-5-21-1261373903-4154722331-439683534-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)

HKU\S-1-5-21-1261373903-4154722331-439683534-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-06-11] (Electronic Arts)

HKU\S-1-5-21-1261373903-4154722331-439683534-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION

HKU\S-1-5-21-1261373903-4154722331-439683534-1001\...\MountPoints2: {9d301f09-39f0-11e3-be78-d43d7eab58d7} - "D:\setup.exe" 

HKU\S-1-5-21-1261373903-4154722331-439683534-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-10] (Valve Corporation)

HKU\S-1-5-21-1261373903-4154722331-439683534-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)

HKU\S-1-5-21-1261373903-4154722331-439683534-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-06-11] (Electronic Arts)

HKU\S-1-5-21-1261373903-4154722331-439683534-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION

HKU\S-1-5-21-1261373903-4154722331-439683534-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9d301f09-39f0-11e3-be78-d43d7eab58d7} - "D:\setup.exe" 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk

ShortcutTarget: BankID säkerhetsprogram.lnk -> C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)

Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

SearchScopes: HKLM - {F6C6E837-9FDA-4FD8-AAEB-A6D99F334239} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKLM-x32 - {F6C6E837-9FDA-4FD8-AAEB-A6D99F334239} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File

FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @se.nexus/Personal -> C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.se/

CHR DefaultSearchKeyword: Default -> CDAD12481A41DF87F80AF2E2A9A361D9668AB54A6FC6905BA0C2CAEA64548879

CHR DefaultSearchURL: Default -> 7828FBD8F396F4A2550DDA12D7F976160EED5132CC9F2604E126BAC31B18B046

CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (BetterTTV) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2014-04-09]

CHR Extension: (Google Dokument) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-11]

CHR Extension: (Google Drive) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-11]

CHR Extension: (YouTube) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-11]

CHR Extension: (Sök på Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-11]

CHR Extension: (ZenMate) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-06-21]

CHR Extension: (AdBlock) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-12]

CHR Extension: (avast! Online Security) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-15]

CHR Extension: (Google Wallet) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]

CHR Extension: (Battlefield Play4Free) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-11-16]

CHR Extension: (Gmail) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-11]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-17]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-17] (AVAST Software)

S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [107040 2014-05-31] (EasyAntiCheat Ltd)

S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2457232 2012-07-24] (Realsil Microelectronics Inc.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)

R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-16] () [File not signed]

R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)

R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37376 2012-09-24] (Lenovo) [File not signed]

S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)

R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-09-24] (Lenovo) [File not signed]

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)

R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)

R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-19] ()

S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)

S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)

S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-17] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-17] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-17] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-17] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-17] ()

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-10-21] (Disc Soft Ltd)

R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-14] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)

S3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)

U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-03] (Exent Technologies Ltd.)

S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-14 16:51 - 2014-09-14 16:51 - 00000000 _____ () C:\autoexec.bat

2014-09-14 16:50 - 2014-09-14 17:00 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-09-14 16:50 - 2014-09-14 16:50 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-09-14 16:48 - 2014-09-14 16:49 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Marcus\Downloads\SpyHunter-Installer.exe

2014-09-14 16:26 - 2014-09-14 16:30 - 00050146 _____ () C:\Users\Marcus\Downloads\Addition.txt

2014-09-14 16:25 - 2014-09-14 17:07 - 00021846 _____ () C:\Users\Marcus\Downloads\FRST.txt

2014-09-14 16:25 - 2014-09-14 17:06 - 00000000 ____D () C:\FRST

2014-09-14 16:25 - 2014-09-14 16:25 - 02105856 _____ (Farbar) C:\Users\Marcus\Downloads\FRST64.exe

2014-09-14 15:33 - 2014-09-14 15:33 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-09-14 15:33 - 2014-09-14 15:33 - 00000000 ____D () C:\Program Files\HitmanPro

2014-09-14 15:32 - 2014-09-14 15:48 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-09-14 15:32 - 2014-09-14 15:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marcus\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-14 15:32 - 2014-09-14 15:32 - 11194928 _____ (SurfRight B.V.) C:\Users\Marcus\Downloads\HitmanPro_x64.exe

2014-09-14 14:35 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys

2014-09-13 14:01 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-09-13 14:01 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-09-13 14:01 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-09-13 14:01 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-09-13 14:01 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-09-13 14:01 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-09-13 14:01 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-09-13 14:01 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-09-13 14:01 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-09-13 14:01 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-09-13 14:01 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-09-13 14:01 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-09-13 14:01 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-09-13 14:01 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-09-13 14:01 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-09-13 14:01 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-09-13 14:01 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-09-13 14:01 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-09-13 14:01 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-09-13 14:01 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-09-13 14:01 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-09-13 14:01 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-13 14:01 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-09-13 14:01 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-09-13 14:01 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-09-13 14:01 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-09-13 14:01 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-09-13 14:01 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-09-13 14:01 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-09-13 14:01 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-09-13 14:01 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-09-13 14:01 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-09-13 14:01 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-09-13 14:01 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-09-13 14:01 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-09-13 13:06 - 2014-09-13 13:06 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Civitas2

2014-09-13 12:50 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2014-09-13 12:50 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll

2014-09-13 12:50 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll

2014-09-12 19:30 - 2014-09-12 19:30 - 00000000 ____D () C:\Users\Marcus\Documents\Kalypso Media

2014-09-12 19:30 - 2014-09-12 19:30 - 00000000 ____D () C:\ProgramData\Airline Tycoon 2

2014-09-12 19:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll

2014-09-12 19:18 - 2014-09-14 15:58 - 00000000 ____D () C:\AdwCleaner

2014-09-12 19:10 - 2014-09-12 19:10 - 00003243 _____ () C:\Users\Marcus\Desktop\Sophos Virus Removal Tool.lnk

2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\ProgramData\Sophos

2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\Program Files (x86)\Sophos

2014-09-12 19:09 - 2014-09-12 19:09 - 02953520 _____ (AVAST Software) C:\Users\Marcus\Downloads\avast-browser-cleanup.exe

2014-09-12 19:09 - 2014-09-12 19:09 - 01373475 _____ () C:\Users\Marcus\Desktop\adwcleaner_3.310.exe

2014-09-12 19:08 - 2014-09-12 19:09 - 96541200 _____ (Sophos Limited) C:\Users\Marcus\Downloads\Sophos Virus Removal Tool.exe

2014-09-12 18:41 - 2014-09-12 18:41 - 00000110 _____ () C:\Users\Marcus\Desktop\fix.reg

2014-09-12 18:41 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-09-12 13:19 - 2014-09-12 13:19 - 01903885 _____ () C:\Users\Marcus\Downloads\HoxHud P6.3 Self-installer.exe

2014-09-12 13:06 - 2014-09-12 13:15 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Reign of Augustus

2014-09-12 11:56 - 2014-09-12 11:56 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk

2014-09-11 19:48 - 2014-09-11 19:48 - 01903090 _____ () C:\Users\Marcus\Downloads\HoxHud P6.2 Self-installer.exe

2014-09-10 08:32 - 2014-09-10 08:34 - 16629778 _____ () C:\Users\Marcus\Downloads\HD Weapons mod Patch 35.pdmod

2014-09-08 20:21 - 2014-09-08 20:23 - 16560840 _____ (Philipp Schmieder Medien ) C:\Users\Marcus\Downloads\clipgrab-3.4.7.exe

2014-09-07 20:57 - 2014-09-07 20:57 - 00000218 _____ () C:\Users\Marcus\AppData\Local\recently-used.xbel

2014-09-05 10:05 - 2014-09-05 10:05 - 01884711 _____ () C:\Users\Marcus\Downloads\HoxHud P6.1 Self-installer.exe

2014-08-30 17:01 - 2014-08-30 17:07 - 00000000 ____D () C:\Users\Marcus\Desktop\BILDER

2014-08-30 17:01 - 2014-08-30 17:01 - 00000287 _____ () C:\Users\Marcus\Desktop\Dator.lnk

2014-08-29 19:35 - 2014-08-29 19:35 - 00002169 _____ () C:\Users\Public\Desktop\Postal 2.lnk

2014-08-29 19:35 - 2014-08-29 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2 [GOG.com]

2014-08-29 19:07 - 2014-08-29 19:16 - 00001201 _____ () C:\Users\Public\Desktop\SWAT 3 - Tactical Game of The Year Edition.lnk

2014-08-29 19:07 - 2014-08-29 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWAT 3 [GOG.com]

2014-08-29 19:00 - 2014-08-29 19:01 - 21446104 _____ () C:\Users\Marcus\Downloads\SWAT3(swat3_20up_us).zip

2014-08-29 19:00 - 2014-08-29 19:01 - 03636234 _____ () C:\Users\Marcus\Downloads\SWAT3(swat3_21up_us).zip

2014-08-29 14:46 - 2014-08-29 14:46 - 00001987 _____ () C:\Users\Public\Desktop\Caesar 3.lnk

2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caesar 3 [GOG.com]

2014-08-27 21:43 - 2014-08-27 21:43 - 01889813 _____ () C:\Users\Marcus\Downloads\HoxHud P5.1 Self-installer (1).exe

2014-08-27 21:39 - 2014-08-27 21:40 - 01889813 _____ () C:\Users\Marcus\Downloads\HoxHud P5.1 Self-installer.exe

2014-08-20 17:07 - 2014-08-20 17:07 - 00000000 ____D () C:\Users\Marcus\Documents\NeocoreGames

2014-08-18 20:49 - 2014-08-18 20:50 - 10342238 _____ () C:\Users\Marcus\Downloads\minecraft_server.14w31a.jar

2014-08-18 16:32 - 2014-08-18 16:32 - 01058200 _____ (Adobe) C:\Users\Marcus\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe

2014-08-17 23:58 - 2014-08-17 23:58 - 00000130 _____ () C:\Users\Marcus\Desktop\Joker to the Thief.txt

2014-08-17 23:13 - 2014-08-17 23:13 - 00001411 _____ () C:\Users\Marcus\Desktop\Discovery Freelancer.lnk

2014-08-17 22:43 - 2014-08-17 22:43 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discovery Freelancer

2014-08-17 22:40 - 2014-08-17 22:43 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Discovery Freelancer 4.87.0

2014-08-17 22:25 - 2014-08-17 22:37 - 95042659 _____ () C:\Users\Marcus\Downloads\discovery_4.87.0.exe

2014-08-17 22:14 - 2014-08-17 22:14 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Freelancer

2014-08-17 22:12 - 2014-08-17 22:12 - 00002258 _____ () C:\Users\Public\Desktop\Freelancer.lnk

2014-08-17 22:02 - 2014-08-17 22:02 - 00001717 _____ () C:\Users\Marcus\Desktop\Evochron Mercenary.lnk

2014-08-17 22:02 - 2014-08-17 22:02 - 00000000 ____D () C:\sw3dg

2014-08-17 22:02 - 2014-08-17 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evochron Mercenary

2014-08-17 22:01 - 2014-06-29 14:20 - 00020276 _____ () C:\Users\Marcus\Desktop\THETA.nfo

2014-08-17 22:01 - 2014-06-28 16:24 - 162700888 _____ (StarWraith 3D Games LLC ) C:\Users\Marcus\Desktop\evochron_mercenary2848.exe

2014-08-15 19:25 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll

2014-08-15 19:25 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll

2014-08-15 19:25 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll

2014-08-15 19:25 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll

2014-08-15 19:25 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll

2014-08-15 19:25 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-14 17:07 - 2014-09-14 16:25 - 00021846 _____ () C:\Users\Marcus\Downloads\FRST.txt

2014-09-14 17:07 - 2013-10-11 11:03 - 00000214 _____ () C:\Users\Marcus\Documents\pms.xml

2014-09-14 17:06 - 2014-09-14 16:25 - 00000000 ____D () C:\FRST

2014-09-14 17:05 - 2013-10-11 13:57 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1261373903-4154722331-439683534-1001

2014-09-14 17:00 - 2014-09-14 16:50 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP

2014-09-14 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-09-14 16:57 - 2013-10-11 11:44 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-09-14 16:55 - 2014-02-20 16:15 - 01139845 _____ () C:\WINDOWS\WindowsUpdate.log

2014-09-14 16:51 - 2014-09-14 16:51 - 00000000 _____ () C:\autoexec.bat

2014-09-14 16:50 - 2014-09-14 16:50 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-09-14 16:49 - 2014-09-14 16:48 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Marcus\Downloads\SpyHunter-Installer.exe

2014-09-14 16:31 - 2014-07-13 06:51 - 00000868 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2014-09-14 16:30 - 2014-09-14 16:26 - 00050146 _____ () C:\Users\Marcus\Downloads\Addition.txt

2014-09-14 16:28 - 2013-10-11 13:47 - 00001014 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-14 16:25 - 2014-09-14 16:25 - 02105856 _____ (Farbar) C:\Users\Marcus\Downloads\FRST64.exe

2014-09-14 16:05 - 2013-08-22 16:46 - 00330351 _____ () C:\WINDOWS\setupact.log

2014-09-14 15:59 - 2014-05-17 13:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-09-14 15:58 - 2014-09-12 19:18 - 00000000 ____D () C:\AdwCleaner

2014-09-14 15:56 - 2014-06-22 22:39 - 00030720 ___SH () C:\Users\Marcus\Downloads\Thumbs.db

2014-09-14 15:56 - 2013-10-11 13:51 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-09-14 15:54 - 2013-10-11 13:47 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-14 15:53 - 2014-02-22 17:22 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-09-14 15:53 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-09-14 15:52 - 2013-11-14 00:22 - 00017874 _____ () C:\WINDOWS\PFRO.log

2014-09-14 15:52 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-09-14 15:48 - 2014-09-14 15:32 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-09-14 15:34 - 2014-05-17 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-14 15:34 - 2014-05-17 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-14 15:34 - 2013-10-14 19:52 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-14 15:33 - 2014-09-14 15:33 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-09-14 15:33 - 2014-09-14 15:33 - 00000000 ____D () C:\Program Files\HitmanPro

2014-09-14 15:32 - 2014-09-14 15:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marcus\Downloads\mbam-setup-2.0.2.1012.exe

2014-09-14 15:32 - 2014-09-14 15:32 - 11194928 _____ (SurfRight B.V.) C:\Users\Marcus\Downloads\HitmanPro_x64.exe

2014-09-14 15:22 - 2014-03-18 22:06 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\LSC

2014-09-14 14:56 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-09-14 14:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-09-14 13:56 - 2013-08-22 16:44 - 00354560 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-09-13 18:45 - 2013-10-11 18:11 - 00000008 _____ () C:\Users\Marcus\Documents\lmscfg

2014-09-13 18:39 - 2014-04-21 22:36 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\vlc

2014-09-13 18:24 - 2014-07-13 21:37 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Adobe

2014-09-13 17:20 - 2013-10-13 12:55 - 00000000 ____D () C:\Users\Marcus\Documents\Witcher 2

2014-09-13 14:01 - 2014-06-11 15:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-09-13 14:01 - 2014-06-11 15:51 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-09-13 14:01 - 2014-06-11 15:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-09-13 14:01 - 2014-06-11 15:47 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-09-13 14:01 - 2014-06-11 15:47 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-09-13 14:01 - 2014-06-11 15:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-09-13 14:01 - 2014-06-11 15:47 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-09-13 14:01 - 2014-06-11 15:47 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-09-13 14:01 - 2014-06-11 15:47 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-09-13 14:01 - 2014-06-11 15:47 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-09-13 14:01 - 2014-06-11 15:47 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2014-09-13 14:01 - 2014-06-11 15:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-09-13 14:01 - 2014-06-11 15:47 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-09-13 14:01 - 2014-06-11 15:47 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

2014-09-13 14:01 - 2014-05-02 20:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2014-09-13 14:01 - 2014-05-02 20:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2014-09-13 13:39 - 2013-10-12 14:31 - 00000000 ____D () C:\Users\Marcus\Documents\My Games

2014-09-13 13:06 - 2014-09-13 13:06 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Civitas2

2014-09-12 19:30 - 2014-09-12 19:30 - 00000000 ____D () C:\Users\Marcus\Documents\Kalypso Media

2014-09-12 19:30 - 2014-09-12 19:30 - 00000000 ____D () C:\ProgramData\Airline Tycoon 2

2014-09-12 19:30 - 2013-11-04 18:00 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Kalypso Media

2014-09-12 19:17 - 2013-10-20 20:37 - 00000000 ____D () C:\Users\Marcus\Documents\BitLord

2014-09-12 19:10 - 2014-09-12 19:10 - 00003243 _____ () C:\Users\Marcus\Desktop\Sophos Virus Removal Tool.lnk

2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos

2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\ProgramData\Sophos

2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\Program Files (x86)\Sophos

2014-09-12 19:09 - 2014-09-12 19:09 - 02953520 _____ (AVAST Software) C:\Users\Marcus\Downloads\avast-browser-cleanup.exe

2014-09-12 19:09 - 2014-09-12 19:09 - 01373475 _____ () C:\Users\Marcus\Desktop\adwcleaner_3.310.exe

2014-09-12 19:09 - 2014-09-12 19:08 - 96541200 _____ (Sophos Limited) C:\Users\Marcus\Downloads\Sophos Virus Removal Tool.exe

2014-09-12 18:59 - 2013-10-11 19:27 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-09-12 18:55 - 2013-10-11 19:27 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-09-12 18:41 - 2014-09-12 18:41 - 00000110 _____ () C:\Users\Marcus\Desktop\fix.reg

2014-09-12 18:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PLA

2014-09-12 18:36 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2014-09-12 13:19 - 2014-09-12 13:19 - 01903885 _____ () C:\Users\Marcus\Downloads\HoxHud P6.3 Self-installer.exe

2014-09-12 13:15 - 2014-09-12 13:06 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Reign of Augustus

2014-09-12 13:05 - 2013-10-12 14:30 - 00338370 _____ () C:\WINDOWS\DirectX.log

2014-09-12 11:56 - 2014-09-12 11:56 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk

2014-09-12 11:56 - 2013-06-18 02:54 - 00000000 ____D () C:\Program Files\Lenovo

2014-09-12 11:55 - 2013-06-18 02:57 - 00000000 ____D () C:\WINDOWS\Downloaded Installations

2014-09-12 11:25 - 2014-05-22 18:49 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Spotify

2014-09-12 11:13 - 2013-10-11 11:22 - 00000000 ____D () C:\Program Files (x86)\Spel

2014-09-11 22:03 - 2014-02-19 20:10 - 00000000 ____D () C:\Users\Marcus\Documents\My Downloaded Video

2014-09-11 19:48 - 2014-09-11 19:48 - 01903090 _____ () C:\Users\Marcus\Downloads\HoxHud P6.2 Self-installer.exe

2014-09-10 09:25 - 2013-12-07 22:13 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\.minecraft

2014-09-10 08:34 - 2014-09-10 08:32 - 16629778 _____ () C:\Users\Marcus\Downloads\HD Weapons mod Patch 35.pdmod

2014-09-10 06:59 - 2013-10-11 11:20 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Battle.net

2014-09-10 06:58 - 2013-10-11 11:20 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2014-09-10 06:23 - 2013-10-14 21:38 - 01391616 ___SH () C:\Users\Marcus\Desktop\Thumbs.db

2014-09-08 20:25 - 2014-04-21 22:15 - 00001030 _____ () C:\Users\Public\Desktop\ClipGrab.lnk

2014-09-08 20:25 - 2014-04-21 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab

2014-09-08 20:25 - 2014-04-21 22:15 - 00000000 ____D () C:\Program Files (x86)\ClipGrab

2014-09-08 20:23 - 2014-09-08 20:21 - 16560840 _____ (Philipp Schmieder Medien ) C:\Users\Marcus\Downloads\clipgrab-3.4.7.exe

2014-09-08 16:17 - 2014-05-22 18:50 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Spotify

2014-09-07 21:29 - 2013-10-30 23:40 - 00000000 ____D () C:\ProgramData\Package Cache

2014-09-07 21:28 - 2014-02-23 16:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx

2014-09-07 21:28 - 2013-12-23 07:21 - 00000000 ____D () C:\Temp

2014-09-07 21:28 - 2013-11-17 18:15 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp

2014-09-07 20:57 - 2014-09-07 20:57 - 00000218 _____ () C:\Users\Marcus\AppData\Local\recently-used.xbel

2014-09-05 10:05 - 2014-09-05 10:05 - 01884711 _____ () C:\Users\Marcus\Downloads\HoxHud P6.1 Self-installer.exe

2014-09-02 22:06 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-09-02 22:06 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-30 17:07 - 2014-08-30 17:01 - 00000000 ____D () C:\Users\Marcus\Desktop\BILDER

2014-08-30 17:02 - 2013-11-14 09:31 - 01743900 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-08-30 17:02 - 2013-11-14 09:15 - 00733626 _____ () C:\WINDOWS\system32\perfh01D.dat

2014-08-30 17:02 - 2013-11-14 09:15 - 00152496 _____ () C:\WINDOWS\system32\perfc01D.dat

2014-08-30 17:01 - 2014-08-30 17:01 - 00000287 _____ () C:\Users\Marcus\Desktop\Dator.lnk

2014-08-29 19:35 - 2014-08-29 19:35 - 00002169 _____ () C:\Users\Public\Desktop\Postal 2.lnk

2014-08-29 19:35 - 2014-08-29 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2 [GOG.com]

2014-08-29 19:16 - 2014-08-29 19:07 - 00001201 _____ () C:\Users\Public\Desktop\SWAT 3 - Tactical Game of The Year Edition.lnk

2014-08-29 19:07 - 2014-08-29 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWAT 3 [GOG.com]

2014-08-29 19:01 - 2014-08-29 19:00 - 21446104 _____ () C:\Users\Marcus\Downloads\SWAT3(swat3_20up_us).zip

2014-08-29 19:01 - 2014-08-29 19:00 - 03636234 _____ () C:\Users\Marcus\Downloads\SWAT3(swat3_21up_us).zip

2014-08-29 14:46 - 2014-08-29 14:46 - 00001987 _____ () C:\Users\Public\Desktop\Caesar 3.lnk

2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caesar 3 [GOG.com]

2014-08-29 14:35 - 2014-06-13 18:14 - 00000000 ____D () C:\Users\Marcus\AppData\Local\GOG.com

2014-08-27 21:43 - 2014-08-27 21:43 - 01889813 _____ () C:\Users\Marcus\Downloads\HoxHud P5.1 Self-installer (1).exe

2014-08-27 21:40 - 2014-08-27 21:39 - 01889813 _____ () C:\Users\Marcus\Downloads\HoxHud P5.1 Self-installer.exe

2014-08-25 19:43 - 2014-07-18 04:51 - 00000000 ____D () C:\Users\Marcus\Documents\Euro Truck Simulator 2

2014-08-23 02:42 - 2014-09-12 18:41 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2014-08-20 17:07 - 2014-08-20 17:07 - 00000000 ____D () C:\Users\Marcus\Documents\NeocoreGames

2014-08-18 20:50 - 2014-08-18 20:49 - 10342238 _____ () C:\Users\Marcus\Downloads\minecraft_server.14w31a.jar

2014-08-18 16:32 - 2014-08-18 16:32 - 01058200 _____ (Adobe) C:\Users\Marcus\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe

2014-08-17 23:58 - 2014-08-17 23:58 - 00000130 _____ () C:\Users\Marcus\Desktop\Joker to the Thief.txt

2014-08-17 23:13 - 2014-08-17 23:13 - 00001411 _____ () C:\Users\Marcus\Desktop\Discovery Freelancer.lnk

2014-08-17 22:43 - 2014-08-17 22:43 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discovery Freelancer

2014-08-17 22:43 - 2014-08-17 22:40 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Discovery Freelancer 4.87.0

2014-08-17 22:37 - 2014-08-17 22:25 - 95042659 _____ () C:\Users\Marcus\Downloads\discovery_4.87.0.exe

2014-08-17 22:14 - 2014-08-17 22:14 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Freelancer

2014-08-17 22:12 - 2014-08-17 22:12 - 00002258 _____ () C:\Users\Public\Desktop\Freelancer.lnk

2014-08-17 22:12 - 2013-12-11 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games

2014-08-17 22:10 - 2013-12-11 21:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games

2014-08-17 22:02 - 2014-08-17 22:02 - 00001717 _____ () C:\Users\Marcus\Desktop\Evochron Mercenary.lnk

2014-08-17 22:02 - 2014-08-17 22:02 - 00000000 ____D () C:\sw3dg

2014-08-17 22:02 - 2014-08-17 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evochron Mercenary

2014-08-16 04:40 - 2014-09-13 14:01 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-08-16 04:04 - 2014-09-13 14:01 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-08-16 04:00 - 2014-09-13 14:01 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-08-16 04:00 - 2014-09-13 14:01 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-08-16 03:56 - 2014-09-13 14:01 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-08-16 03:54 - 2014-09-13 14:01 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-08-16 03:45 - 2014-09-13 14:01 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-08-16 03:43 - 2014-09-13 14:01 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-08-16 03:32 - 2014-09-13 14:01 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-08-16 03:25 - 2014-09-13 14:01 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-08-16 03:22 - 2014-09-13 14:01 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-08-16 03:20 - 2014-09-13 14:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-08-16 03:19 - 2014-09-13 14:01 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-08-16 03:18 - 2014-09-13 14:01 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-08-16 03:18 - 2014-09-13 14:01 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-08-16 03:11 - 2014-09-13 14:01 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-08-16 03:06 - 2014-09-13 14:01 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-08-16 03:05 - 2014-09-13 14:01 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-08-16 03:05 - 2014-09-13 14:01 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-08-16 03:03 - 2014-09-13 14:01 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-08-16 03:03 - 2014-09-13 14:01 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-08-16 02:58 - 2014-09-13 14:01 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 02:56 - 2014-09-13 14:01 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-16 02:53 - 2014-09-13 14:01 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-16 02:53 - 2014-09-13 14:01 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-16 02:53 - 2014-09-13 14:01 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-16 02:51 - 2014-09-13 14:01 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-16 02:45 - 2014-09-13 14:01 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-16 02:44 - 2014-09-13 14:01 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-16 02:44 - 2014-09-13 14:01 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-16 02:34 - 2014-09-13 14:01 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-16 02:20 - 2014-09-13 14:01 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-16 02:18 - 2014-09-13 14:01 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-16 02:14 - 2014-09-13 14:01 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-16 02:12 - 2014-09-13 14:01 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-15 19:27 - 2013-11-15 17:59 - 00000000 ____D () C:\Users\Marcus\Documents\Egosoft
2014-08-15 19:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-08-15 12:32 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-15 12:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-15 12:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-15 12:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-15 12:32 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-15 02:36 - 2014-09-14 14:35 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys

Files to move or delete:
====================
C:\ProgramData\Lenovo-32651.vbs
C:\ProgramData\Lenovo-32706.vbs


Some content of TEMP:
====================
C:\Users\Marcus\AppData\Local\Temp\cres.dll
C:\Users\Marcus\AppData\Local\Temp\cshell.dll
C:\Users\Marcus\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\Marcus\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marcus\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Marcus\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Marcus\AppData\Local\Temp\nvStInst.exe
C:\Users\Marcus\AppData\Local\Temp\SHSetup.exe
C:\Users\Marcus\AppData\Local\Temp\sres.dll
C:\Users\Marcus\AppData\Local\Temp\SRLDetectionLibrary7248752197457562658.dll
C:\Users\Marcus\AppData\Local\Temp\Wildstar.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-14 16:12

==================== End Of Log ============================
 



Edited by hamluis, 14 September 2014 - 02:52 PM.



 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:20 AM

Posted 14 September 2014 - 03:56 PM

Hello Marwing

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



I need you to download this script I have made for you --> Attached File: fixlist.txt (325 bytes)

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Marwing

Marwing
  • Topic Starter

  • Members
  • 14 posts
  • Local time:03:20 PM

Posted 14 September 2014 - 05:55 PM

Hey! Ty for helping me. I will keep all that in mind that you wrote for me =)

 

Here is the Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Marcus at 2014-09-15 00:52:06 Run:1
Running from C:\Users\Marcus\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-1261373903-4154722331-439683534-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-1261373903-4154722331-439683534-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
 
 
 
*****************
 
HKU\S-1-5-21-1261373903-4154722331-439683534-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
HKU\S-1-5-21-1261373903-4154722331-439683534-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => Value not found.
 
==== End of Fixlog ====


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:20 AM

Posted 15 September 2014 - 10:20 AM



Hello Marwing

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#5 Marwing


Posted 15 September 2014 - 02:41 PM

Here's the AdwCleaner logfile

 

# AdwCleaner v3.310 - Report created 15/09/2014 at 18:02:29
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Marcus - MARCUS-PC
# Running from : C:\Users\Marcus\Desktop\adwcleaner_3.310.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17278
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [9076 octets] - [12/09/2014 19:18:22]
AdwCleaner[R1].txt - [905 octets] - [14/09/2014 13:59:11]
AdwCleaner[R2].txt - [964 octets] - [14/09/2014 15:50:37]
AdwCleaner[R3].txt - [1082 octets] - [14/09/2014 15:57:41]
AdwCleaner[R4].txt - [883 octets] - [15/09/2014 18:02:29]
AdwCleaner[S0].txt - [2658 octets] - [12/09/2014 19:21:15]
AdwCleaner[S1].txt - [1024 octets] - [14/09/2014 15:52:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1062 octets] ##########
 
 
 
 
 
And here's the JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Marcus on 2014-09-15 at 18:04:51,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1261373903-4154722331-439683534-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-09-15 at 18:10:47,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
I've not had any more popups from that website now so I think it's all gone =D


#6 gringo_pr


Posted 17 September 2014 - 07:08 AM


Hello Marwing

Yea, it is gone, but I am doing a general cleaning to make sure it stays gone.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 Marwing


Posted 21 September 2014 - 11:04 AM

Hi, when I'm trying to download the file my antivirus says it's a virus. Is this normal or am I getting a bad version of the combofix?



#8 gringo_pr


Posted 22 September 2014 - 03:14 PM

I would like you to rerun FRST for me and send me a new report

If you cannot find it here is the link again.

Please download the Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ - Click on the BLUE download buttons only - ( The GREEN ones are ads)

Save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it.
When the tool opens click Yes to disclaimer.

I would like for you to use these settings:
Under whitelist I would like everything to be checked.
Under optional scan, only have Addition.txt selected (the other three blank).
Press the Scan button.
It will make two logs (FRST.txt) and (Addition.txt) in the same directory the tool is run from.

Please attach both reports to your reply to me

#9 Marwing


Posted 23 September 2014 - 05:32 AM

Here you go

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Marcus (administrator) on MARCUS-PC on 23-09-2014 12:27:43
Running from C:\Users\Marcus\Downloads
Platform: Windows 8.1 (X64) OS Language: Svenska (Sverige)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Technology Nexus AB) C:\Program Files (x86)\Personal\bin\Personal.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Lenovo) C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Marcus\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-01] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-02] (Logitech Inc.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-16] ()
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe [751104 2012-09-24] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1261373903-4154722331-439683534-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1938112 2014-09-15] (Valve Corporation)
HKU\S-1-5-21-1261373903-4154722331-439683534-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-1261373903-4154722331-439683534-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-06-11] (Electronic Arts)
HKU\S-1-5-21-1261373903-4154722331-439683534-1001\...\MountPoints2: {9d301f09-39f0-11e3-be78-d43d7eab58d7} - "D:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BankID säkerhetsprogram.lnk
ShortcutTarget: BankID säkerhetsprogram.lnk -> C:\Program Files (x86)\Personal\bin\Personal.exe (Technology Nexus AB)
Startup: C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM - {F6C6E837-9FDA-4FD8-AAEB-A6D99F334239} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {F6C6E837-9FDA-4FD8-AAEB-A6D99F334239} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @se.nexus/Personal -> C:\Program Files (x86)\Personal\bin\np_prsnl.dll (Technology Nexus AB)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.se/
CHR DefaultSearchKeyword: Default -> CDAD12481A41DF87F80AF2E2A9A361D9668AB54A6FC6905BA0C2CAEA64548879
CHR DefaultSearchURL: Default -> 7828FBD8F396F4A2550DDA12D7F976160EED5132CC9F2604E126BAC31B18B046
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Dokument) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-11]
CHR Extension: (Google Drive) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-11]
CHR Extension: (YouTube) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-11]
CHR Extension: (Sök på Google) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-11]
CHR Extension: (AdBlock) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-12]
CHR Extension: (avast! Online Security) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-15]
CHR Extension: (Google Wallet) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR Extension: (Battlefield Play4Free) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2013-11-16]
CHR Extension: (Gmail) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-17] (AVAST Software)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [175136 2014-09-04] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-01] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2457232 2012-07-24] (Realsil Microelectronics Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-16] () [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
R2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Control Switch\LenovoCOMSvc.exe [37376 2012-09-24] (Lenovo) [File not signed]
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R3 LitModeCtrl; C:\Program Files\Lenovo\Power Control Switch\LitModeCtrl.exe [141824 2012-09-24] (Lenovo) [File not signed]
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-09-03] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-17] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-10-21] (Disc Soft Ltd)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 VBAudioVACMME; C:\Windows\system32\DRIVERS\vbaudio_cable64_win7.sys [41192 2013-07-11] (Windows ® Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2014-04-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-03] (Exent Technologies Ltd.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-23 12:26 - 2014-09-23 12:27 - 02105856 _____ (Farbar) C:\Users\Marcus\Downloads\FRST64 (1).exe
2014-09-21 18:05 - 2014-09-21 18:05 - 00001549 _____ () C:\Users\Marcus\Desktop\Combofix.txt
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-21 17:51 - 2014-09-04 21:14 - 00038048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-09-21 17:51 - 2014-09-04 21:14 - 00032416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-09-21 16:43 - 2014-09-21 16:43 - 00000218 _____ () C:\Users\Marcus\AppData\Local\recently-used.xbel
2014-09-16 14:33 - 2014-09-16 14:33 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-16 14:33 - 2014-09-16 14:33 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-16 14:33 - 2014-09-16 14:33 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-15 18:04 - 2014-09-15 18:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-15 17:34 - 2014-09-15 17:34 - 01016261 _____ (Thisisu) C:\Users\Marcus\Downloads\JRT.exe
2014-09-15 17:34 - 2014-09-15 17:34 - 01016261 _____ (Thisisu) C:\Users\Marcus\Desktop\JRT.exe
2014-09-14 18:15 - 2014-09-14 18:15 - 01889037 _____ () C:\Users\Marcus\Downloads\HoxHud P6.4 Self-installer.exe
2014-09-14 18:07 - 2014-09-14 18:07 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Deployment
2014-09-14 16:51 - 2014-09-14 16:51 - 00000000 _____ () C:\autoexec.bat
2014-09-14 16:50 - 2014-09-14 17:00 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-14 16:50 - 2014-09-14 16:50 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-14 16:26 - 2014-09-14 17:07 - 00050402 _____ () C:\Users\Marcus\Downloads\Addition.txt
2014-09-14 16:25 - 2014-09-23 12:28 - 00020723 _____ () C:\Users\Marcus\Downloads\FRST.txt
2014-09-14 16:25 - 2014-09-23 12:27 - 00000000 ____D () C:\FRST
2014-09-14 16:25 - 2014-09-14 16:25 - 02105856 _____ (Farbar) C:\Users\Marcus\Downloads\FRST64.exe
2014-09-14 15:32 - 2014-09-14 15:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-14 15:28 - 2014-07-24 17:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-14 15:28 - 2014-07-24 17:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-14 15:28 - 2014-07-24 17:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-14 15:28 - 2014-07-24 17:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-14 15:28 - 2014-07-24 17:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-14 15:28 - 2014-07-24 17:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-14 15:28 - 2014-07-24 17:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-14 15:28 - 2014-07-24 17:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-14 15:28 - 2014-07-24 17:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-14 15:28 - 2014-07-24 17:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-14 15:28 - 2014-07-24 17:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-14 15:28 - 2014-07-24 17:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-14 15:28 - 2014-07-24 17:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-14 15:28 - 2014-07-24 17:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-14 15:28 - 2014-07-24 17:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-14 15:28 - 2014-07-24 17:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-14 15:28 - 2014-07-24 17:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-14 15:28 - 2014-07-24 17:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-14 15:28 - 2014-07-24 17:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-14 15:28 - 2014-07-24 17:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-14 15:28 - 2014-07-24 17:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-14 15:28 - 2014-07-24 17:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-14 15:28 - 2014-07-24 17:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-14 15:28 - 2014-07-24 17:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-14 15:28 - 2014-07-24 16:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-14 15:28 - 2014-07-24 16:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-14 15:28 - 2014-07-24 15:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-14 15:28 - 2014-07-24 15:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-14 15:28 - 2014-07-24 15:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-14 15:28 - 2014-07-24 15:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-14 15:28 - 2014-07-24 15:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-14 15:28 - 2014-07-24 15:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-14 15:28 - 2014-07-24 15:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-14 15:28 - 2014-07-24 15:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-14 15:28 - 2014-07-24 15:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-14 15:28 - 2014-07-24 15:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-14 15:28 - 2014-07-24 13:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-14 15:28 - 2014-07-24 13:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-14 15:28 - 2014-07-24 13:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-14 15:28 - 2014-07-24 13:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-14 15:28 - 2014-07-24 13:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-14 15:28 - 2014-07-24 13:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-14 15:28 - 2014-07-24 13:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-14 15:28 - 2014-07-24 13:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-14 15:28 - 2014-07-24 13:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-14 15:28 - 2014-07-24 13:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-14 15:28 - 2014-07-24 13:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-14 15:28 - 2014-07-24 12:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-14 15:28 - 2014-07-24 12:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-14 15:28 - 2014-07-24 12:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-14 15:28 - 2014-07-24 12:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-14 15:28 - 2014-07-24 12:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-14 15:28 - 2014-07-24 12:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-14 15:28 - 2014-07-24 12:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-14 15:28 - 2014-07-24 12:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-14 15:28 - 2014-07-24 12:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-14 15:28 - 2014-07-24 11:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-14 15:28 - 2014-07-24 11:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-14 15:28 - 2014-07-24 11:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-14 15:28 - 2014-07-24 11:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-14 15:28 - 2014-07-24 11:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-14 15:28 - 2014-07-24 11:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-14 15:28 - 2014-07-24 11:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-14 15:28 - 2014-07-24 11:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 15:28 - 2014-07-24 11:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-14 15:28 - 2014-07-24 11:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-14 15:28 - 2014-07-24 11:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-14 15:28 - 2014-07-24 11:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-14 15:28 - 2014-07-24 11:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-14 15:28 - 2014-07-24 11:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-14 15:28 - 2014-07-24 11:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-14 15:28 - 2014-07-24 10:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-14 15:28 - 2014-07-24 10:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-14 15:28 - 2014-07-24 10:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-14 15:28 - 2014-07-24 10:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-14 15:28 - 2014-07-24 10:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-14 15:28 - 2014-07-24 10:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-14 15:28 - 2014-07-24 10:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-14 15:28 - 2014-07-24 10:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-14 15:28 - 2014-07-24 10:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 15:28 - 2014-07-24 10:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-14 15:28 - 2014-07-24 10:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-14 15:28 - 2014-07-24 10:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-14 15:28 - 2014-07-24 10:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-14 15:28 - 2014-07-24 10:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-14 15:28 - 2014-07-24 10:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-14 15:28 - 2014-07-24 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-14 15:28 - 2014-07-24 10:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-14 15:28 - 2014-07-24 10:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-14 15:28 - 2014-07-24 10:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-14 15:28 - 2014-07-24 10:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-14 15:28 - 2014-07-24 10:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-14 15:28 - 2014-07-24 10:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-14 15:28 - 2014-07-24 10:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-14 15:28 - 2014-07-24 10:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-14 15:28 - 2014-07-24 10:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-14 15:28 - 2014-07-24 10:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-14 15:28 - 2014-07-24 10:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-14 15:28 - 2014-07-24 10:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-14 15:28 - 2014-07-24 10:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-14 15:28 - 2014-07-24 10:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-14 15:28 - 2014-07-24 10:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-14 15:28 - 2014-07-24 10:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-14 15:28 - 2014-07-24 10:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-14 15:28 - 2014-07-24 10:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-14 15:28 - 2014-07-24 09:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-14 15:28 - 2014-07-24 09:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-14 15:28 - 2014-07-24 09:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-14 15:28 - 2014-07-24 09:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-14 15:28 - 2014-07-24 09:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-14 15:28 - 2014-07-24 09:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-14 15:28 - 2014-07-24 09:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-14 15:28 - 2014-07-24 09:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-14 15:28 - 2014-07-24 09:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-14 15:28 - 2014-07-24 09:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-14 15:28 - 2014-07-24 09:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-14 15:28 - 2014-07-24 09:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-14 15:28 - 2014-07-24 09:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-14 15:28 - 2014-07-24 09:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-14 15:28 - 2014-07-24 09:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-14 15:28 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-14 15:28 - 2014-07-24 06:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-14 15:28 - 2014-07-12 07:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-14 15:28 - 2014-07-12 06:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-14 15:28 - 2014-07-12 06:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-14 15:28 - 2014-07-04 14:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-14 15:28 - 2014-07-04 12:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-14 15:28 - 2014-07-04 12:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-14 15:28 - 2014-07-04 12:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-14 15:28 - 2014-07-04 11:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-14 15:28 - 2014-07-04 11:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-14 15:28 - 2014-06-27 08:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-14 15:28 - 2014-06-26 02:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-14 15:28 - 2014-06-20 01:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-14 15:28 - 2014-06-19 04:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-14 15:28 - 2014-06-14 08:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-14 15:28 - 2014-06-14 07:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-14 15:28 - 2014-06-05 16:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-14 15:28 - 2014-06-05 12:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-14 15:28 - 2014-06-05 11:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-14 15:28 - 2014-05-31 07:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-14 15:28 - 2014-05-31 06:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-14 15:28 - 2014-05-29 08:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-14 15:28 - 2014-05-29 07:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-14 15:28 - 2014-05-26 09:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-14 15:28 - 2014-05-10 12:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-14 15:28 - 2014-05-10 10:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-14 15:28 - 2014-05-06 06:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-14 15:28 - 2014-05-06 02:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-14 15:28 - 2014-03-25 04:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-14 15:28 - 2014-03-25 04:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-14 15:28 - 2014-03-25 03:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-14 15:28 - 2014-03-25 03:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-14 15:27 - 2014-07-24 17:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-14 15:27 - 2014-07-24 13:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-14 15:27 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-14 15:27 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-14 15:27 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-14 15:27 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-14 15:27 - 2014-07-24 13:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-14 15:27 - 2014-07-24 13:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-14 15:27 - 2014-07-24 13:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-14 15:27 - 2014-07-24 13:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-14 15:27 - 2014-07-24 13:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-14 15:27 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-14 15:27 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-14 15:27 - 2014-07-24 12:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-14 15:27 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-14 15:27 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-14 15:27 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-14 15:27 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-14 15:27 - 2014-07-24 12:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-14 15:27 - 2014-07-24 12:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-14 15:27 - 2014-07-24 12:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-14 15:27 - 2014-07-24 12:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-14 15:27 - 2014-07-24 11:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-14 15:27 - 2014-07-24 11:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-14 15:27 - 2014-07-24 11:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-14 15:27 - 2014-07-24 11:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-14 15:27 - 2014-07-24 11:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-14 15:27 - 2014-07-24 11:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-14 15:27 - 2014-07-24 11:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-14 15:27 - 2014-07-24 11:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-14 15:27 - 2014-07-24 11:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-14 15:27 - 2014-07-24 11:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-14 15:27 - 2014-07-24 11:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-14 15:27 - 2014-07-24 11:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-14 15:27 - 2014-07-24 10:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-14 15:27 - 2014-07-24 10:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-14 15:27 - 2014-07-24 10:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-14 15:27 - 2014-07-24 10:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-14 15:27 - 2014-07-24 10:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-14 15:27 - 2014-07-24 10:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-14 15:27 - 2014-07-24 10:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-14 15:27 - 2014-07-24 10:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 15:27 - 2014-07-24 10:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-14 15:27 - 2014-07-24 10:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-14 15:27 - 2014-07-24 10:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-14 15:27 - 2014-07-24 10:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-14 15:27 - 2014-07-24 10:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 15:27 - 2014-07-24 10:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-14 15:27 - 2014-07-24 10:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-14 15:27 - 2014-07-24 10:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 15:27 - 2014-07-24 09:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-14 15:27 - 2014-07-24 09:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-14 15:27 - 2014-07-24 09:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-14 15:27 - 2014-07-24 09:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-14 15:27 - 2014-07-12 07:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-14 15:27 - 2014-07-12 06:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-14 15:27 - 2014-07-10 01:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-14 15:27 - 2014-07-04 12:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-14 15:27 - 2014-06-26 02:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-14 15:27 - 2014-06-07 14:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-14 15:27 - 2014-06-07 12:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-14 15:27 - 2014-05-29 07:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-14 15:27 - 2014-05-29 06:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-14 14:35 - 2014-08-23 09:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-14 14:35 - 2014-08-23 09:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-14 14:35 - 2014-08-23 08:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-14 14:35 - 2014-08-23 07:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-14 14:35 - 2014-08-23 06:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-14 14:35 - 2014-08-23 06:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-14 14:35 - 2014-08-23 06:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-14 14:35 - 2014-08-23 06:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-14 14:35 - 2014-08-23 06:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-14 14:35 - 2014-08-15 02:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-14 14:35 - 2014-07-30 03:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-14 14:35 - 2014-07-29 07:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-13 14:01 - 2014-08-16 04:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-13 14:01 - 2014-08-16 04:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-13 14:01 - 2014-08-16 04:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-13 14:01 - 2014-08-16 04:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-13 14:01 - 2014-08-16 03:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-13 14:01 - 2014-08-16 03:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-13 14:01 - 2014-08-16 03:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-13 14:01 - 2014-08-16 03:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-13 14:01 - 2014-08-16 03:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-13 14:01 - 2014-08-16 03:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-13 14:01 - 2014-08-16 03:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-13 14:01 - 2014-08-16 03:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-13 14:01 - 2014-08-16 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-13 14:01 - 2014-08-16 03:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-13 14:01 - 2014-08-16 03:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-13 14:01 - 2014-08-16 03:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-13 14:01 - 2014-08-16 03:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-13 14:01 - 2014-08-16 03:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-13 14:01 - 2014-08-16 03:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-13 14:01 - 2014-08-16 03:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-13 14:01 - 2014-08-16 03:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-13 14:01 - 2014-08-16 02:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 14:01 - 2014-08-16 02:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-13 14:01 - 2014-08-16 02:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-13 14:01 - 2014-08-16 02:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-13 14:01 - 2014-08-16 02:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-13 14:01 - 2014-08-16 02:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-13 14:01 - 2014-08-16 02:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-13 14:01 - 2014-08-16 02:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-13 14:01 - 2014-08-16 02:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-13 14:01 - 2014-08-16 02:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-13 14:01 - 2014-08-16 02:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-13 14:01 - 2014-08-16 02:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-13 14:01 - 2014-08-16 02:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-13 14:01 - 2014-08-16 02:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-13 13:06 - 2014-09-13 13:06 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Civitas2
2014-09-13 12:50 - 2014-08-02 02:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-13 12:50 - 2014-07-24 05:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-13 12:50 - 2014-07-24 05:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-12 19:30 - 2014-09-12 19:30 - 00000000 ____D () C:\Users\Marcus\Documents\Kalypso Media
2014-09-12 19:30 - 2014-09-12 19:30 - 00000000 ____D () C:\ProgramData\Airline Tycoon 2
2014-09-12 19:19 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-09-12 19:18 - 2014-09-15 18:03 - 00000000 ____D () C:\AdwCleaner
2014-09-12 19:10 - 2014-09-12 19:10 - 00003243 _____ () C:\Users\Marcus\Desktop\Sophos Virus Removal Tool.lnk
2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-12 19:09 - 2014-09-12 19:09 - 02953520 _____ (AVAST Software) C:\Users\Marcus\Downloads\avast-browser-cleanup.exe
2014-09-12 19:09 - 2014-09-12 19:09 - 01373475 _____ () C:\Users\Marcus\Desktop\adwcleaner_3.310.exe
2014-09-12 19:08 - 2014-09-12 19:09 - 96541200 _____ (Sophos Limited) C:\Users\Marcus\Desktop\Sophos Virus Removal Tool.exe
2014-09-12 18:41 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-09-12 13:06 - 2014-09-12 13:15 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Reign of Augustus
2014-09-12 11:56 - 2014-09-12 11:56 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-09-08 20:21 - 2014-09-08 20:23 - 16560840 _____ (Philipp Schmieder Medien ) C:\Users\Marcus\Downloads\clipgrab-3.4.7.exe
2014-08-30 17:01 - 2014-09-14 17:59 - 00000000 ____D () C:\Users\Marcus\Desktop\BILDER
2014-08-30 17:01 - 2014-08-30 17:01 - 00000287 _____ () C:\Users\Marcus\Desktop\Dator.lnk
2014-08-29 19:35 - 2014-08-29 19:35 - 00002169 _____ () C:\Users\Marcus\Desktop\Postal 2.lnk
2014-08-29 19:35 - 2014-08-29 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2 [GOG.com]
2014-08-29 19:07 - 2014-08-29 19:16 - 00001201 _____ () C:\Users\Marcus\Desktop\SWAT 3 - Tactical Game of The Year Edition.lnk
2014-08-29 19:07 - 2014-08-29 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWAT 3 [GOG.com]
2014-08-29 14:46 - 2014-08-29 14:46 - 00001987 _____ () C:\Users\Marcus\Desktop\Caesar 3.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caesar 3 [GOG.com]
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-23 12:28 - 2014-09-14 16:25 - 00020723 _____ () C:\Users\Marcus\Downloads\FRST.txt
2014-09-23 12:28 - 2013-10-11 13:47 - 00001014 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 12:28 - 2013-10-11 11:03 - 00000212 _____ () C:\Users\Marcus\Documents\pms.xml
2014-09-23 12:27 - 2014-09-23 12:26 - 02105856 _____ (Farbar) C:\Users\Marcus\Downloads\FRST64 (1).exe
2014-09-23 12:27 - 2014-09-14 16:25 - 00000000 ____D () C:\FRST
2014-09-23 12:20 - 2014-05-17 13:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-23 11:55 - 2013-10-11 11:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-23 11:32 - 2014-02-20 16:15 - 01239104 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-23 11:31 - 2014-07-13 06:51 - 00000868 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-23 11:11 - 2013-08-22 16:46 - 00332178 _____ () C:\WINDOWS\setupact.log
2014-09-21 23:34 - 2013-10-11 13:57 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1261373903-4154722331-439683534-1001
2014-09-21 22:28 - 2013-10-11 13:51 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 22:28 - 2013-10-11 13:47 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-21 20:11 - 2014-04-21 22:36 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\vlc
2014-09-21 18:05 - 2014-09-21 18:05 - 00001549 _____ () C:\Users\Marcus\Desktop\Combofix.txt
2014-09-21 17:53 - 2014-02-20 16:15 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\WINDOWS\LastGood
2014-09-21 16:47 - 2013-10-20 20:37 - 00000000 ____D () C:\Users\Marcus\Documents\BitLord
2014-09-21 16:43 - 2014-09-21 16:43 - 00000218 _____ () C:\Users\Marcus\AppData\Local\recently-used.xbel
2014-09-20 14:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-18 20:41 - 2013-11-14 09:31 - 01743900 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-18 20:41 - 2013-11-14 09:15 - 00733626 _____ () C:\WINDOWS\system32\perfh01D.dat
2014-09-18 20:41 - 2013-11-14 09:15 - 00152496 _____ () C:\WINDOWS\system32\perfc01D.dat
2014-09-18 20:36 - 2014-02-20 16:21 - 00000000 ____D () C:\Users\Marcus
2014-09-18 20:34 - 2014-02-22 17:22 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-18 20:34 - 2013-11-14 00:22 - 00020702 _____ () C:\WINDOWS\PFRO.log
2014-09-18 20:34 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-18 20:34 - 2013-08-22 16:44 - 00354560 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-18 20:10 - 2014-02-19 20:10 - 00000000 ____D () C:\Users\Marcus\Documents\My Downloaded Video
2014-09-17 17:23 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-17 04:13 - 2014-06-21 16:50 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-09-17 04:13 - 2013-10-31 00:42 - 02193560 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-09-17 04:12 - 2014-06-21 16:50 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-09-17 04:12 - 2013-10-31 00:42 - 02799784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-09-16 23:53 - 2013-10-11 18:11 - 00000008 _____ () C:\Users\Marcus\Documents\lmscfg
2014-09-16 15:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-16 14:34 - 2013-12-07 22:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-16 14:33 - 2014-09-16 14:33 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-09-16 14:33 - 2014-09-16 14:33 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-09-16 14:33 - 2014-09-16 14:33 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-09-16 14:33 - 2013-12-07 22:12 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-09-16 14:33 - 2013-12-07 22:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-15 22:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-15 22:06 - 2013-11-14 09:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-15 22:06 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-15 22:06 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-15 22:06 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 22:06 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 22:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-15 22:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-15 22:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-15 22:06 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-15 22:06 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-15 18:04 - 2014-09-15 18:04 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-15 18:03 - 2014-09-12 19:18 - 00000000 ____D () C:\AdwCleaner
2014-09-15 17:34 - 2014-09-15 17:34 - 01016261 _____ (Thisisu) C:\Users\Marcus\Downloads\JRT.exe
2014-09-15 17:34 - 2014-09-15 17:34 - 01016261 _____ (Thisisu) C:\Users\Marcus\Desktop\JRT.exe
2014-09-14 18:15 - 2014-09-14 18:15 - 01889037 _____ () C:\Users\Marcus\Downloads\HoxHud P6.4 Self-installer.exe
2014-09-14 18:07 - 2014-09-14 18:07 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Deployment
2014-09-14 18:06 - 2013-11-16 14:50 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-09-14 18:04 - 2013-10-22 17:40 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-14 18:02 - 2013-10-13 15:36 - 00000000 ____D () C:\Users\Marcus\Desktop\Spel
2014-09-14 17:59 - 2014-08-30 17:01 - 00000000 ____D () C:\Users\Marcus\Desktop\BILDER
2014-09-14 17:58 - 2014-01-28 21:54 - 00000000 ____D () C:\Users\Marcus\Desktop\Musik
2014-09-14 17:55 - 2014-07-27 17:16 - 00000000 ____D () C:\Program Files\OBS
2014-09-14 17:55 - 2014-07-27 17:16 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-09-14 17:43 - 2013-10-12 14:31 - 00000000 ____D () C:\Users\Marcus\Documents\My Games
2014-09-14 17:07 - 2014-09-14 16:26 - 00050402 _____ () C:\Users\Marcus\Downloads\Addition.txt
2014-09-14 17:00 - 2014-09-14 16:50 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-14 16:51 - 2014-09-14 16:51 - 00000000 _____ () C:\autoexec.bat
2014-09-14 16:50 - 2014-09-14 16:50 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-14 16:25 - 2014-09-14 16:25 - 02105856 _____ (Farbar) C:\Users\Marcus\Downloads\FRST64.exe
2014-09-14 15:56 - 2014-06-22 22:39 - 00030720 ___SH () C:\Users\Marcus\Downloads\Thumbs.db
2014-09-14 15:48 - 2014-09-14 15:32 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-14 15:34 - 2014-05-17 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-14 15:34 - 2014-05-17 13:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-14 15:34 - 2013-10-14 19:52 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-14 15:22 - 2014-03-18 22:06 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\LSC
2014-09-13 18:24 - 2014-07-13 21:37 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Adobe
2014-09-13 17:20 - 2013-10-13 12:55 - 00000000 ____D () C:\Users\Marcus\Documents\Witcher 2
2014-09-13 14:01 - 2014-06-11 15:51 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-13 14:01 - 2014-06-11 15:51 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-13 14:01 - 2014-06-11 15:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-13 14:01 - 2014-06-11 15:47 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-13 14:01 - 2014-06-11 15:47 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-13 14:01 - 2014-06-11 15:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-13 14:01 - 2014-06-11 15:47 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-13 14:01 - 2014-06-11 15:47 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-13 14:01 - 2014-06-11 15:47 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-13 14:01 - 2014-06-11 15:47 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-13 14:01 - 2014-06-11 15:47 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-13 14:01 - 2014-06-11 15:47 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-13 14:01 - 2014-06-11 15:47 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-13 14:01 - 2014-06-11 15:47 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-13 14:01 - 2014-05-02 20:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-13 14:01 - 2014-05-02 20:23 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-13 13:06 - 2014-09-13 13:06 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Civitas2
2014-09-12 19:30 - 2014-09-12 19:30 - 00000000 ____D () C:\Users\Marcus\Documents\Kalypso Media
2014-09-12 19:30 - 2014-09-12 19:30 - 00000000 ____D () C:\ProgramData\Airline Tycoon 2
2014-09-12 19:30 - 2013-11-04 18:00 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Kalypso Media
2014-09-12 19:10 - 2014-09-12 19:10 - 00003243 _____ () C:\Users\Marcus\Desktop\Sophos Virus Removal Tool.lnk
2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-12 19:10 - 2014-09-12 19:10 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-12 19:09 - 2014-09-12 19:09 - 02953520 _____ (AVAST Software) C:\Users\Marcus\Downloads\avast-browser-cleanup.exe
2014-09-12 19:09 - 2014-09-12 19:09 - 01373475 _____ () C:\Users\Marcus\Desktop\adwcleaner_3.310.exe
2014-09-12 19:09 - 2014-09-12 19:08 - 96541200 _____ (Sophos Limited) C:\Users\Marcus\Desktop\Sophos Virus Removal Tool.exe
2014-09-12 18:59 - 2013-10-11 19:27 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-12 18:55 - 2013-10-11 19:27 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-12 18:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PLA
2014-09-12 18:36 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-09-12 13:15 - 2014-09-12 13:06 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Reign of Augustus
2014-09-12 13:05 - 2013-10-12 14:30 - 00338370 _____ () C:\WINDOWS\DirectX.log
2014-09-12 11:56 - 2014-09-12 11:56 - 00002018 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-09-12 11:56 - 2013-06-18 02:54 - 00000000 ____D () C:\Program Files\Lenovo
2014-09-12 11:55 - 2013-06-18 02:57 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-09-12 11:25 - 2014-05-22 18:49 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\Spotify
2014-09-12 11:13 - 2013-10-11 11:22 - 00000000 ____D () C:\Program Files (x86)\Spel
2014-09-10 09:25 - 2013-12-07 22:13 - 00000000 ____D () C:\Users\Marcus\AppData\Roaming\.minecraft
2014-09-10 06:59 - 2013-10-11 11:20 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Battle.net
2014-09-10 06:58 - 2013-10-11 11:20 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-10 06:23 - 2013-10-14 21:38 - 01391616 ___SH () C:\Users\Marcus\Desktop\Thumbs.db
2014-09-08 20:25 - 2014-04-21 22:15 - 00001030 _____ () C:\Users\Public\Desktop\ClipGrab.lnk
2014-09-08 20:25 - 2014-04-21 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2014-09-08 20:25 - 2014-04-21 22:15 - 00000000 ____D () C:\Program Files (x86)\ClipGrab
2014-09-08 20:23 - 2014-09-08 20:21 - 16560840 _____ (Philipp Schmieder Medien ) C:\Users\Marcus\Downloads\clipgrab-3.4.7.exe
2014-09-08 16:17 - 2014-05-22 18:50 - 00000000 ____D () C:\Users\Marcus\AppData\Local\Spotify
2014-09-07 21:29 - 2013-10-30 23:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-07 21:28 - 2014-02-23 16:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-09-07 21:28 - 2013-12-23 07:21 - 00000000 ____D () C:\Temp
2014-09-07 21:28 - 2013-11-17 18:15 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-09-04 21:14 - 2014-09-21 17:51 - 00038048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-09-04 21:14 - 2014-09-21 17:51 - 00032416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-09-04 21:14 - 2014-01-23 17:08 - 00034976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2014-09-04 18:33 - 2014-05-31 18:15 - 00175136 _____ (EasyAntiCheat Ltd) C:\WINDOWS\SysWOW64\EasyAntiCheat.exe
2014-09-02 22:06 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:06 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-30 17:01 - 2014-08-30 17:01 - 00000287 _____ () C:\Users\Marcus\Desktop\Dator.lnk
2014-08-29 19:35 - 2014-08-29 19:35 - 00002169 _____ () C:\Users\Marcus\Desktop\Postal 2.lnk
2014-08-29 19:35 - 2014-08-29 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2 [GOG.com]
2014-08-29 19:16 - 2014-08-29 19:07 - 00001201 _____ () C:\Users\Marcus\Desktop\SWAT 3 - Tactical Game of The Year Edition.lnk
2014-08-29 19:07 - 2014-08-29 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWAT 3 [GOG.com]
2014-08-29 14:46 - 2014-08-29 14:46 - 00001987 _____ () C:\Users\Marcus\Desktop\Caesar 3.lnk
2014-08-29 14:46 - 2014-08-29 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Caesar 3 [GOG.com]
2014-08-29 14:35 - 2014-06-13 18:14 - 00000000 ____D () C:\Users\Marcus\AppData\Local\GOG.com
2014-08-25 19:43 - 2014-07-18 04:51 - 00000000 ____D () C:\Users\Marcus\Documents\Euro Truck Simulator 2
 
Files to move or delete:
====================
C:\ProgramData\Lenovo-32651.vbs
C:\ProgramData\Lenovo-32706.vbs
 
 
Some content of TEMP:
====================
C:\Users\Marcus\AppData\Local\Temp\cres.dll
C:\Users\Marcus\AppData\Local\Temp\cshell.dll
C:\Users\Marcus\AppData\Local\Temp\drm_dyndata_7370007.dll
C:\Users\Marcus\AppData\Local\Temp\HitmanPro.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Marcus\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Marcus\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Marcus\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Marcus\AppData\Local\Temp\nvStInst.exe
C:\Users\Marcus\AppData\Local\Temp\Quarantine.exe
C:\Users\Marcus\AppData\Local\Temp\SHSetup.exe
C:\Users\Marcus\AppData\Local\Temp\sres.dll
C:\Users\Marcus\AppData\Local\Temp\SRLDetectionLibrary7248752197457562658.dll
C:\Users\Marcus\AppData\Local\Temp\Wildstar.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-18 21:19
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Marcus at 2014-09-23 12:28:19
Running from C:\Users\Marcus\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark (HKLM-x32\...\Steam App 223850) (Version:  - Futuremark)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Airline Tycoon 2 (HKLM-x32\...\Steam App 201490) (Version:  - b-Alive)
alien_crossfire (HKLM\...\{fa451eea-8a73-486b-9ea0-9628c2c2c3ad}.sdb) (Version:  - )
Aliens vs. Predator (HKLM-x32\...\{2A086701-1EEE-43F5-A9DB-DE2D73DC543D}_is1) (Version:  - )
Aliens vs. Predator 2 (HKLM-x32\...\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}) (Version:  - )
Alone in the Dark - The New Nightmare (HKLM-x32\...\GOGPACKALONEINTHEDARK_is1) (Version: 2.0.0.9 - GOG.com)
alpha_centauri (HKLM\...\{fe81cd48-2ed2-4e7d-886c-b65767350095}.sdb) (Version:  - )
Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version:  - The Chinese Room)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Anachronox (HKLM-x32\...\Steam App 242940) (Version:  - )
Anomaly 2 (HKLM-x32\...\Steam App 236730) (Version:  - 11 bit studios)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programstöd (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
BankID säkerhetsprogram (HKLM-x32\...\{F42050A1-710C-433A-AC53-B6915C2E3F86}) (Version: 4.20.2 - Technology Nexus)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version:  - Threaks)
BitLord 2.3 (HKLM-x32\...\BitLord) (Version: 2.3.2-254 - House of Life)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Caesar 3 (HKLM-x32\...\GOGPACKCAESAR3_is1) (Version: 2.0.0.9 - GOG.com)
Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version:  - Focus Home Interactive)
ClipGrab 3.4.7 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Clive Barker's Undying (HKLM-x32\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version:  - )
Clive Barker's Undying (HKLM-x32\...\GOGPACKUNDYING_is1) (Version: 2.0.0.5 - GOG.com)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome LLC)
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
Cryostasis (HKLM-x32\...\Steam App 7850) (Version:  - Action Forms)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Daikatana (HKLM-x32\...\Steam App 242980) (Version:  - )
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)
Darkwood (HKLM-x32\...\Steam App 274520) (Version:  - Acid Wizard Studio)
Dawn of Fantasy: Kingdom Wars (HKLM-x32\...\Steam App 227180) (Version:  - Reverie World Studios)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)
Defiance (HKLM-x32\...\Steam App 224600) (Version:  - Trion Worlds)
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
Desura (HKLM-x32\...\Desura) (Version: 100.53 - Desura)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Disciples III: Renaissance (HKLM-x32\...\Steam App 33670) (Version:  - Akella)
Disciples III: Resurrection (HKLM-x32\...\Steam App 200670) (Version:  - Akella)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Doom 2 GZDoom engine (HKLM-x32\...\{64F66907-8601-4E96-A46D-BD04AA3162AC}) (Version: 1.00.0000 - TheF0x)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
DuckTales Remastered (HKLM-x32\...\Steam App 237630) (Version:  - WayForward)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Dungeonland (HKLM-x32\...\Steam App 218130) (Version:  - Critical Studio)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version:  - Humble Hearts LLC)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Enclave (HKLM-x32\...\Steam App 253980) (Version:  - Topware)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Estranged: Act I (HKLM-x32\...\Steam App 261820) (Version:  - Alan Edwardes)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
F.E.A.R. (HKLM-x32\...\Steam App 21090) (Version:  - Monolith )
F.E.A.R.: Extraction Point (HKLM-x32\...\Steam App 21110) (Version:  - Monolith )
F.E.A.R.: Perseus Mandate (HKLM-x32\...\Steam App 21120) (Version:  - Monolith )
FamilySafetyGuide (HKLM-x32\...\{9A268503-5AB0-479E-9690-929BDEC55C00}) (Version: 1.00.0314 - lenovo)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Freelancer (HKLM-x32\...\Freelancer 1.0) (Version:  - )
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Futuremark SystemInfo (HKLM-x32\...\{991C8DEA-3C01-45B8-A62B-1BB69BDC277D}) (Version: 4.23.255 - Futuremark)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Ghostbusters: The Video Game (HKLM-x32\...\Steam App 9870) (Version:  - Terminal Reality)
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version:  - Black Forest Games)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Grand Ages: Rome (HKLM-x32\...\Steam App 23450) (Version:  - Haemimont Games)
GTR Evolution (HKLM-x32\...\Steam App 8660) (Version:  - SimBin)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version:  - )
Hitman 2: Silent Assassin (HKLM-x32\...\Steam App 6850) (Version:  - IO Interactive)
Hitman: Codename 47 (HKLM-x32\...\Steam App 6900) (Version:  - IO Interactive)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
Imperium Romanum: Gold Edition (HKLM-x32\...\Steam App 23400) (Version:  - Haemimont Games)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017F0}) (Version: 7.0.170 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6917 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6917 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.0822 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.0822 - CyberLink Corp.) Hidden
Lenovo Solution Center (HKLM\...\{13BD494D-9ACD-420B-A291-E145DED92EF6}) (Version: 2.6.001.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.53 (HKLM\...\Logitech Gaming Software) (Version: 8.53.186 - Logitech Inc.)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medal of Honor: Airborne (HKLM-x32\...\Steam App 24840) (Version:  - EA Los Angeles)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Game Studios Common Redistributables Pack 1 (x32 Version: 1.0.0 - Microsoft Game Studios) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft XML Parser (x32 Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mini Ninjas (HKLM-x32\...\Steam App 35000) (Version:  - IO Interactive)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version:  - DICE)
Mortal Kombat Kollection (HKLM-x32\...\Steam App 205350) (Version:  - Other Ocean Interactive)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - Tale Worlds)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds)
MX vs ATV Reflex (HKLM-x32\...\Steam App 55140) (Version:  - Double Helix Games)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version:  - Cryptic Studios)
Next Car Game Technology Sneak Peek 2.0 (HKLM-x32\...\Next Car Game Technology Sneak Peek) (Version:  - Bugbear Entertainment)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
NVIDIA 3D Vision drivrutin 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA 3D Vision drivrutin för styrenhet 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Grafikdrivrutin 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD audiodrivrutin 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Legacy) (HKLM-x32\...\{6F9D5A0B-202C-4161-BC7F-0664EA39E7E7}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX systemprogramvara 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden
NVIDIAs kontrollpanel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA-uppdatering 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Operation Flashpoint: Dragon Rising (HKLM-x32\...\Steam App 12830) (Version:  - Codemasters Studios)
Operation Flashpoint: Red River (HKLM-x32\...\Steam App 44340) (Version:  - Codemasters Action Studio)
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Overlord (HKLM-x32\...\Steam App 11450) (Version:  - Triumph Studios)
Overlord: Raising Hell (HKLM-x32\...\Steam App 12710) (Version:  - Triumph Studios)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
Patrician III (HKLM-x32\...\Steam App 33570) (Version:  - Ascaron Entertainment ltd.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
Penumbra: Black Plague (HKLM-x32\...\Steam App 22120) (Version:  - Frictional Games)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version:  - Frictional Games)
Pineview Drive (HKLM-x32\...\Pineview Drive_is1) (Version:  - )
Poker Night 2 (HKLM-x32\...\Steam App 234710) (Version:  - Telltale Games)
Postal 2 (HKLM-x32\...\1207658755_is1) (Version: 2.1.0.10 - GOG.com)
Power Control Switch (HKLM-x32\...\{816F9A97-9889-43DA-A394-7AA45DD68BA0}) (Version: 4.0.0.0924 - Lenovo)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version:  - Indie Stone Studios)
RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)
RaceRoom Racing Experience  (HKLM-x32\...\Steam App 211500) (Version:  - SimBin Studios AB)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.7.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.30137 - Realtek Semiconductor Corp.)
Red Faction: Guerrilla  (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Rise of the Argonauts (HKLM-x32\...\Steam App 12770) (Version:  - Liquid Entertainment)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
Royal Quest (HKLM-x32\...\Steam App 295550) (Version:  - Katauri)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
S.T.A.L.K.E.R.: Call of Pripyat (HKLM-x32\...\Steam App 41700) (Version:  - GSC Game World)
S.T.A.L.K.E.R.: Clear Sky (HKLM-x32\...\Steam App 20510) (Version:  - GSC Game World)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Sid Meier's Alpha Centauri (HKLM-x32\...\GOGPACKSIDMEIERSALPHACENTAURI_is1) (Version: 2.0.2.23 - GOG.com)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Silent Hunter III (HKLM-x32\...\Steam App 15210) (Version:  - Ubisoft)
Sin (HKLM-x32\...\Sin) (Version:  - )
Sin Gold (HKLM-x32\...\GOGPACKSINGOLD_is1) (Version: 2.0.0.9 - GOG.com)
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis™)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarTopia (HKLM-x32\...\GOGPACKANSTARTOPIA_is1) (Version: 2.0.0.17 - GOG.com)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Still Life 2 (HKLM-x32\...\GOGPACKSTILLLIFE2_is1) (Version: 2.0.0.12 - GOG.com)
Stranded II 1.0.0.1 (HKLM-x32\...\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1) (Version:  - Unreal Software)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SWAT 3 - Tactical Game of The Year Edition (HKLM-x32\...\GOGPACKSWAT3_is1) (Version: 2.0.0.32 - GOG.com)
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Darkness II (HKLM-x32\...\Steam App 67370) (Version:  - Digital Extremes)
The Dead Linger (HKLM-x32\...\Steam App 245130) (Version:  - Sandswept Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
The Incredible Adventures of Van Helsing (HKLM-x32\...\Steam App 215530) (Version:  - NeocoreGames)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version:  - Ubisoft Montreal)
The Settlers II - 10th Anniversary (HKLM-x32\...\GOGPACKSETTLERS210TH_is1) (Version: 2.0.0.8 - GOG.com)
The Sims™ 3 (HKLM-x32\...\Steam App 47890) (Version:  - The Sims Studio)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
Thief (HKLM-x32\...\VGhpZWY=_is1) (Version: 1 - )
Thief Gold (HKLM-x32\...\Steam App 211600) (Version:  - Looking Glass Studios)
Tiny and Big: Grandpa's Leftovers (HKLM-x32\...\Steam App 205910) (Version:  - Black Pants Game Studio)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Train Simulator 2014 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Trove Alpha (HKLM-x32\...\Glyph Trove Alpha) (Version:  - Trion Worlds, Inc.)
Universe Sandbox (HKLM-x32\...\Steam App 72200) (Version:  - Giant Army)
Unreal Anthology (HKLM-x32\...\{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}) (Version: 1.00.0000 - Epic)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
Vampire: The Masquerade - Bloodlines (HKLM-x32\...\Steam App 2600) (Version:  - Troika Games)
Warhammer 40,000 Space Marine (HKLM-x32\...\Steam App 55150) (Version:  - Relic)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM-x32\...\Steam App 15620) (Version:  - Relic Entertainment)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
World in Conflict (HKLM-x32\...\Steam App 21760) (Version:  - Massive Entertainment)
World in Conflict: Soviet Assault (HKLM-x32\...\Steam App 21910) (Version:  - Massive Entertainment)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
X3: Albion Prelude (HKLM-x32\...\Steam App 201310) (Version:  - Egosoft)
X3: Reunion (HKLM-x32\...\Steam App 2810) (Version:  - Egosoft)
X3: Terran Conflict (HKLM-x32\...\Steam App 2820) (Version:  - Egosoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1261373903-4154722331-439683534-1001_Classes\CLSID\{F0D5B8DF-FA50-4AC1-B644-6DD3DABA2DC0}\InprocServer32 -> 42494E41525953545245414D0300000003000000171B4C9FE025EFEFBD8C9F28E73C2BAE06D484424F417770A70ACBBBAD60 (the data entry has 10 more characters).
 
==================== Restore Points  =========================
 
16-09-2014 12:31:41 Installed Java 7 Update 67
21-09-2014 15:52:10 DirectX har installerats
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03F2A9BE-42DF-4B54-8550-402258547448} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {07AEFB3D-8D41-42A8-9140-F2D016E96E05} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31E8C842-89FE-43BF-9ED7-8BCA083E8869} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-05-27] (Lenovo)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3A31780C-2371-47EA-B478-FA785449F043} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {42167638-2643-44A7-BABC-A0BD52EF237C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] ()
Task: {422280EF-D3F8-4737-A803-38299612DF27} - System32\Tasks\Lenovo\Lenovo-32651 => C:\ProgramData\Lenovo-32651.vbs [2013-06-18] ()
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5A3F2B56-4BE1-41D9-BB4C-C02BDCA1FE4B} - System32\Tasks\Lenovo\Lenovo-32706 => C:\ProgramData\Lenovo-32706.vbs [2013-06-18] ()
Task: {5F7C0041-BD66-4D58-99B4-E93CA6FBC4DD} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-09-03] ()
Task: {60E467EF-EBD5-4548-8589-FCE554BF1086} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {665B9FB9-5E8C-488C-9D2D-357BA90AFE75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
Task: {68288A8D-2F9E-43DA-AB46-21B7DD5F2190} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {762BBC97-8D0F-4411-BC49-CA80ED11F4E2} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {80B7024D-A5FC-470F-A3CC-1E90FAC56B1E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-17] (AVAST Software)
Task: {82322F63-1030-4D7A-A52C-3C7D88244432} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-12] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {87F5FC26-26B2-4F51-9910-46610A08FEB7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {8C7F2BC0-E3A4-49EA-BB65-ED4F61552DDA} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {94CADD89-3C2C-4F74-B8FD-B3BAC5C24B2D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {CD8F8949-1373-4E80-9110-420A8346C12A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D7BE1549-3B2F-418A-A138-1B17B3C21888} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-11] (Google Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E30CF114-ABD5-4E15-89A7-658FB1458FC2} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FD046258-D243-4E27-B2F4-110796156E8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FF0B2E33-42E3-4B95-BD04-84CD0B4E982F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-22 17:22 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-18 02:44 - 2011-03-16 05:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-07-02 23:54 - 2014-07-02 23:54 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-02 23:59 - 2014-07-02 23:59 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-02 23:54 - 2014-07-02 23:54 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-02 23:59 - 2014-07-02 23:59 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2013-06-18 02:44 - 2011-05-17 22:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-09-17 18:50 - 2014-09-17 18:50 - 02865152 _____ () C:\Program Files\AVAST Software\Avast\defs\14091701\algo.dll
2014-09-22 20:34 - 2014-09-22 20:34 - 02865152 _____ () C:\Program Files\AVAST Software\Avast\defs\14092201\algo.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-18 02:44 - 2011-05-17 22:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-05 01:59 - 2009-12-05 01:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 02:04 - 2009-12-05 02:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2013-10-15 17:22 - 2013-10-15 17:22 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-06-18 02:43 - 2013-01-23 09:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-12 21:32 - 2014-09-04 05:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-12 21:32 - 2014-09-04 05:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-12 21:32 - 2014-09-04 05:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-12 21:32 - 2014-09-04 05:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-12 21:32 - 2014-09-04 05:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-08-22 15:31 - 2014-08-21 20:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-22 15:31 - 2014-08-21 20:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-22 15:31 - 2014-08-21 20:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2013-08-21 14:18 - 2014-09-03 21:28 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-23 22:43 - 2014-09-15 20:12 - 02226880 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-22 15:31 - 2014-08-21 20:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-22 15:31 - 2014-08-21 20:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-10-08 18:19 - 2014-09-15 20:12 - 00679616 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-10 14:20 - 2014-09-05 01:29 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-07-24 18:46 - 2014-09-05 01:29 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-07-24 18:46 - 2014-09-05 01:29 - 00713408 _____ () C:\Program Files (x86)\Steam\bin\libglesv2.dll
2014-07-24 18:46 - 2014-09-05 01:29 - 00124608 _____ () C:\Program Files (x86)\Steam\bin\libegl.dll
2014-09-12 21:32 - 2014-09-04 05:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKCU\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKCU\...\StartupApproved\Run: => "EADM"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/23/2014 03:29:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1110
 
Error: (09/23/2014 03:29:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1110
 
Error: (09/23/2014 03:29:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/22/2014 08:36:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1141
 
Error: (09/22/2014 08:36:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1141
 
Error: (09/22/2014 08:36:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/22/2014 03:17:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1.
Den beroende sammansättningen Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.
 
Error: (09/22/2014 03:15:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Det gick inte att skapa aktiveringskontext för Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1.
Den beroende sammansättningen Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" kunde inte hittas.
Använd sxstrace.exe om du vill diagnostisera ytterligare.
 
Error: (09/22/2014 00:34:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094
 
Error: (09/22/2014 00:34:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094
 
 
System errors:
=============
Error: (09/23/2014 11:11:38 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Tjänsten LitModeCtrl registrerade ett ogiltigt aktuellt läge 32.
 
Error: (09/23/2014 11:11:32 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Tjänsten LitModeCtrl registrerade ett ogiltigt aktuellt läge 32.
 
Error: (09/23/2014 03:29:02 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Tjänsten LitModeCtrl registrerade ett ogiltigt aktuellt läge 32.
 
Error: (09/23/2014 03:03:47 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Tjänsten LitModeCtrl registrerade ett ogiltigt aktuellt läge 32.
 
Error: (09/23/2014 03:03:34 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Tjänsten LitModeCtrl registrerade ett ogiltigt aktuellt läge 32.
 
Error: (09/23/2014 00:35:34 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Tjänsten LitModeCtrl registrerade ett ogiltigt aktuellt läge 32.
 
Error: (09/23/2014 00:10:19 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Tjänsten LitModeCtrl registrerade ett ogiltigt aktuellt läge 32.
 
Error: (09/23/2014 00:10:13 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Tjänsten LitModeCtrl registrerade ett ogiltigt aktuellt läge 32.
 
Error: (09/22/2014 10:22:59 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Tjänsten LitModeCtrl registrerade ett ogiltigt aktuellt läge 32.
 
Error: (09/22/2014 09:59:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Tjänsten avast! HardwareID kunde inte startas på grund av följande fel: 
%%1106
 
 
Microsoft Office Sessions:
=========================
Error: (09/23/2014 03:29:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1110
 
Error: (09/23/2014 03:29:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1110
 
Error: (09/23/2014 03:29:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/22/2014 08:36:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1141
 
Error: (09/22/2014 08:36:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1141
 
Error: (09/22/2014 08:36:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/22/2014 03:17:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Spel\Still Life 2\Splash.exe
 
Error: (09/22/2014 03:15:36 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files (x86)\Spel\Still Life 2\Splash.exe
 
Error: (09/22/2014 00:34:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1094
 
Error: (09/22/2014 00:34:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1094
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 16301.14 MB
Available physical RAM: 13262.06 MB
Total Pagefile: 18733.14 MB
Available Pagefile: 13957.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:1836.42 GB) (Free:812.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 5F787783)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#10 Marwing


Posted 23 September 2014 - 05:38 AM

Oh, I read the "attach" part of "Please attach both reports to your reply to me now", so I attached them here as well, just in case.

 




#11 gringo_pr


Posted 26 September 2014 - 01:40 PM





Hello Marwing

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller

Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

Posted 29 September 2014 - 08:05 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 Marwing

Posted 29 September 2014 - 08:18 AM

Hi! Sorry things got in the way.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.09.27.04
 
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17278
Marcus :: MARCUS-PC [administrator]
 
2014-09-27 14:07:04
mbar-log-2014-09-27 (14-07-04).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 333473
Time elapsed: 16 minute(s), 
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
 
 
RogueKiller V9.2.13.0 (x64) [Sep 25 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Marcus [Admin rights]
Mode : Remove -- Date : 09/27/2014  19:36:21
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB0273B2-8D7C-46D2-B3B3-0689DC5A8943} | DhcpNameServer : 80.251.201.177 80.251.201.178  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AB0273B2-8D7C-46D2-B3B3-0689DC5A8943} | DhcpNameServer : 80.251.201.177 80.251.201.178  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1261373903-4154722331-439683534-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1261373903-4154722331-439683534-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1261373903-4154722331-439683534-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1261373903-4154722331-439683534-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[Suspicious.Path] \Lenovo\Lenovo-32651 -- C:\ProgramData\Lenovo-32651.vbs -> NOT SELECTED
[Suspicious.Path] \Lenovo\Lenovo-32706 -- C:\ProgramData\Lenovo-32706.vbs -> NOT SELECTED
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++
--- User ---
[MBR] 87736e953cc800e7043aab508dff8867
[BSP] 8d4bd872aa859b47bb315c1dc5842e78 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_09272014_193418.log
 
 
 
 
The two Lenovo tasks, I'm unsure what will happen if I delete them. My computer brand is named Lenovo, so will it destroy anything?


#14 gringo_pr

Posted 02 October 2014 - 04:11 PM

Those are fine to remove and will not break the computer.


gringo

#15 Marwing

Posted 03 October 2014 - 01:00 PM

RogueKiller V9.2.13.0 (x64) [Sep 25 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Marcus [Admin rights]
Mode : Remove -- Date : 10/03/2014  19:59:00
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB0273B2-8D7C-46D2-B3B3-0689DC5A8943} | DhcpNameServer : 80.251.201.177 80.251.201.178  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AB0273B2-8D7C-46D2-B3B3-0689DC5A8943} | DhcpNameServer : 80.251.201.177 80.251.201.178  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1261373903-4154722331-439683534-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1261373903-4154722331-439683534-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1261373903-4154722331-439683534-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1261373903-4154722331-439683534-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[Suspicious.Path] \Lenovo\Lenovo-32651 -- C:\ProgramData\Lenovo-32651.vbs -> DELETED
[Suspicious.Path] \Lenovo\Lenovo-32706 -- C:\ProgramData\Lenovo-32706.vbs -> DELETED
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++
--- User ---
[MBR] 87736e953cc800e7043aab508dff8867
[BSP] 8d4bd872aa859b47bb315c1dc5842e78 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_09272014_193621.log - RKreport_SCN_09272014_193418.log - RKreport_SCN_09292014_151553.log - RKreport_SCN_10032014_195816.log




