Windows 8 problems: fake Google Chrome
Hello Trojaner-board.de community,
I accidentally downloaded a fake version of Google Chrome and am now afraid that I have caught something worse. :/
I deleted all the installed files right away and ran Malwarebytes over it.
Here are my log files:
defogger_disable Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:01 on 18/07/2014 (Michael)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Michael (administrator) on HETT on 18-07-2014 02:03:45
Running from C:\Users\Michael\Desktop
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Atheros Communications) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Mozilla Firefox\updated\firefox.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [811792 2014-01-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-14] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Atheros Communications))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2624463503-578704688-3719895022-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2624463503-578704688-3719895022-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2624463503-578704688-3719895022-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-14] (Samsung)
HKU\S-1-5-21-2624463503-578704688-3719895022-1002\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-2624463503-578704688-3719895022-1002\...\MountPoints2: {42550a1e-ee31-11e3-801e-689423669232} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-2624463503-578704688-3719895022-1002\...\MountPoints2: {9ee4c871-8c00-11e3-bf36-689423669232} - "E:\AutoLcd.exe"
AppInit_DLLs: c:\windows\system32\nvinitx.dll => c:\windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs: , C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)
AppInit_DLLs-x32: , c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-12-19] (NVIDIA Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM - DefaultScope {C6CBFF54-9C98-4512-8BFC-6441EE5D986C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {C6CBFF54-9C98-4512-8BFC-6441EE5D986C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v1wftu31.default
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: BalancedWorlds.com/WebLauncher - C:\Users\Michael\AppData\Local\Balanced Worlds\BWGameEngine\npWebLauncher.dll (BalancedWorlds)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: cosstminn - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v1wftu31.default\Extensions\oayiqrzk@ymzwxsqc.com [2014-07-17]
FF Extension: Yahoo Community Smartbar - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v1wftu31.default\Extensions\{fd81c7c1-0d77-d3ce-5288-59c0c212619f} [2014-07-17]
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-30]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-30]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-30]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-30]
CHR Extension: (AdBlock) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-19]
CHR Extension: (cosstminn) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpamjelildlfpjcbkfiopakgojpgocab [2014-07-17]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-30]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-09-26] (Dritek System INC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-09-26] (Dritek System Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-18 02:03 - 2014-07-18 02:04 - 00017495 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-07-18 02:03 - 2014-07-18 02:03 - 02086912 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-07-18 02:03 - 2014-07-18 02:03 - 00000000 ____D () C:\FRST
2014-07-18 02:00 - 2014-07-18 02:01 - 00000476 _____ () C:\Users\Michael\Desktop\defogger_disable.log
2014-07-18 02:00 - 2014-07-18 02:00 - 00050477 _____ () C:\Users\Michael\Desktop\Defogger.exe
2014-07-18 02:00 - 2014-07-18 02:00 - 00000000 _____ () C:\Users\Michael\defogger_reenable
2014-07-18 01:51 - 2014-07-18 01:51 - 00330424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 01:50 - 2014-07-18 01:50 - 00246318 _____ () C:\Users\Michael\Desktop\malwarebytes.txt
2014-07-18 01:15 - 2014-07-18 01:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 22:20 - 2014-07-18 01:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 22:20 - 2014-07-17 22:20 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 22:20 - 2014-07-17 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 22:20 - 2014-07-17 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 22:20 - 2014-07-17 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 22:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-17 22:20 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-17 22:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-17 22:19 - 2014-07-17 22:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-07-17 22:19 - 2014-07-17 22:19 - 00788832 _____ ( ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-07-17 22:15 - 2012-08-30 13:37 - 02213776 _____ (ELAN Microelectronics Corp.) C:\Windows\ETDUninst.dll
2014-07-17 22:13 - 2014-07-17 22:13 - 00002453 _____ () C:\Users\Michael\Desktop\Search.lnk
2014-07-17 22:12 - 2014-07-17 22:44 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-17 22:12 - 2014-07-17 22:16 - 00000000 ____D () C:\ProgramData\acec7561d911629e
2014-07-17 22:12 - 2014-07-17 22:14 - 00000000 ____D () C:\Program Files (x86)\Easy Speed Check
2014-07-17 22:12 - 2014-07-17 22:12 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\Torch
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\globalUpdate
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\Comodo
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\Chromatic Browser
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Gast
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Administrator
2014-07-17 22:11 - 2014-07-18 01:52 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-17 22:11 - 2014-07-18 01:16 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-17 22:11 - 2014-07-17 22:15 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-07-17 22:11 - 2014-07-17 22:11 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-17 22:11 - 2014-07-17 22:11 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-17 22:11 - 2014-07-17 22:11 - 00000000 _____ () C:\END
2014-07-17 21:54 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-17 21:54 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-17 21:51 - 2014-07-17 21:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-17 02:44 - 2014-05-03 07:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-17 02:44 - 2014-05-03 05:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-07-17 02:44 - 2014-04-03 13:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-07-17 02:44 - 2014-04-03 05:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-07-17 02:44 - 2014-04-01 00:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-07-17 02:44 - 2014-03-25 01:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-07-17 02:44 - 2014-03-25 00:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-07-17 02:43 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-17 02:43 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-17 02:43 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-17 02:43 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-17 02:43 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-17 02:43 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-17 02:43 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-17 02:43 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-17 02:43 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-17 02:43 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-17 02:43 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-17 02:43 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-17 02:43 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-17 02:43 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-17 02:43 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-17 02:43 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-17 02:43 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-17 02:43 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-17 02:43 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-17 02:43 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-17 02:43 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-17 02:43 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-17 02:43 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-17 02:43 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-17 02:43 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-17 02:43 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-17 02:43 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-17 02:43 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-17 02:43 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-17 02:43 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-17 02:43 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-17 02:43 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-17 02:43 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-17 02:43 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-17 02:43 - 2014-04-30 00:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-17 02:43 - 2014-04-30 00:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-17 02:42 - 2014-03-07 02:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-17 02:42 - 2014-03-07 02:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-17 02:41 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-17 02:41 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-17 02:41 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-17 02:41 - 2014-04-03 13:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-17 02:10 - 2014-07-17 02:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\Ubisoft
2014-07-17 02:09 - 2014-07-17 22:12 - 00000000 __SHD () C:\Users\Michael\wc
2014-07-17 02:09 - 2014-07-17 02:09 - 07342240 _____ (Ubisoft) C:\Users\Michael\Downloads\duelofchampions.exe
2014-07-17 02:09 - 2014-07-17 02:09 - 00001094 _____ () C:\Users\Michael\Desktop\Duel of Champions Launcher.lnk
2014-07-17 02:09 - 2014-07-17 02:09 - 00000000 __SHD () C:\Users\Michael\AppData\Roaming\wyUpdate AU
2014-07-17 02:09 - 2014-07-17 02:09 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Ubisoft
2014-07-13 16:47 - 2014-07-13 16:47 - 00001098 _____ () C:\Users\Michael\Downloads\Text (1).txt
2014-06-26 17:06 - 2014-06-26 17:06 - 00002006 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-06-26 17:06 - 2014-06-26 17:06 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-06-26 17:06 - 2014-06-26 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-06-26 17:06 - 2014-06-26 17:06 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-06-26 17:04 - 2014-06-26 17:04 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Samsung
2014-06-26 17:04 - 2014-06-26 17:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\Samsung
2014-06-26 17:04 - 2014-06-26 17:04 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-06-26 17:03 - 2014-06-26 17:03 - 00000000 ____D () C:\Users\Michael\Documents\samsung
2014-06-26 17:00 - 2014-06-26 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-06-26 17:00 - 2014-02-07 16:33 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-06-26 17:00 - 2014-01-23 18:31 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2014-06-26 16:59 - 2014-06-26 17:03 - 00000000 ____D () C:\ProgramData\Samsung
2014-06-26 16:59 - 2014-06-26 17:03 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-06-26 16:58 - 2014-06-26 16:58 - 00000000 ___HD () C:\Users\Michael\AppData\Local\Downloaded Installations
2014-06-26 16:57 - 2014-06-26 16:58 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\Michael\Downloads\KiesSetup.exe
2014-06-19 01:53 - 2014-06-19 01:53 - 00001098 _____ () C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2014-06-19 01:52 - 2014-06-19 18:40 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-06-19 01:52 - 2014-06-19 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-06-19 01:52 - 2014-06-19 01:52 - 00001053 _____ () C:\Users\Public\Desktop\Warcraft III.lnk
2014-06-19 01:35 - 2014-06-19 01:50 - 00000000 ____D () C:\Users\Michael\Warcraft III 1.21b ROC Installer enGB
2014-06-19 01:35 - 2014-06-19 01:35 - 02693528 _____ (Blizzard Entertainment) C:\Users\Michael\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enGB.exe
2014-06-19 01:27 - 2014-06-19 01:27 - 08267773 _____ () C:\Users\Michael\Downloads\DotA v6.80c.w3x
2014-06-19 01:11 - 2014-06-19 01:34 - 00000000 ____D () C:\Users\Michael\Warcraft III 1.21b TFT Installer enGB
2014-06-19 01:10 - 2014-06-19 01:10 - 02686995 _____ (Blizzard Entertainment) C:\Users\Michael\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enGB.exe
==================== One Month Modified Files and Folders =======
2014-07-18 02:04 - 2014-07-18 02:03 - 00017495 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-07-18 02:03 - 2014-07-18 02:03 - 02086912 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-07-18 02:03 - 2014-07-18 02:03 - 00000000 ____D () C:\FRST
2014-07-18 02:01 - 2014-07-18 02:00 - 00000476 _____ () C:\Users\Michael\Desktop\defogger_disable.log
2014-07-18 02:00 - 2014-07-18 02:00 - 00050477 _____ () C:\Users\Michael\Desktop\Defogger.exe
2014-07-18 02:00 - 2014-07-18 02:00 - 00000000 _____ () C:\Users\Michael\defogger_reenable
2014-07-18 02:00 - 2013-10-31 18:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-18 02:00 - 2013-09-30 16:19 - 00000000 ___HD () C:\Users\Michael
2014-07-18 02:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-18 01:58 - 2013-09-30 16:28 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2624463503-578704688-3719895022-1002
2014-07-18 01:58 - 2012-09-27 02:48 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-07-18 01:58 - 2012-09-27 02:48 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-07-18 01:58 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-18 01:54 - 2014-04-21 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-18 01:53 - 2014-07-17 22:20 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-18 01:52 - 2014-07-17 22:11 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-18 01:52 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-18 01:51 - 2014-07-18 01:51 - 00330424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-18 01:51 - 2012-09-03 12:56 - 00390854 _____ () C:\Windows\PFRO.log
2014-07-18 01:51 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-18 01:50 - 2014-07-18 01:50 - 00246318 _____ () C:\Users\Michael\Desktop\malwarebytes.txt
2014-07-18 01:16 - 2014-07-17 22:11 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-18 01:15 - 2014-07-18 01:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-17 22:44 - 2014-07-17 22:12 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-17 22:33 - 2013-09-30 16:19 - 02083554 _____ () C:\Windows\WindowsUpdate.log
2014-07-17 22:20 - 2014-07-17 22:20 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 22:20 - 2014-07-17 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 22:20 - 2014-07-17 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-17 22:20 - 2014-07-17 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 22:19 - 2014-07-17 22:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-07-17 22:19 - 2014-07-17 22:19 - 00788832 _____ ( ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-07-17 22:16 - 2014-07-17 22:12 - 00000000 ____D () C:\ProgramData\acec7561d911629e
2014-07-17 22:15 - 2014-07-17 22:11 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-07-17 22:14 - 2014-07-17 22:12 - 00000000 ____D () C:\Program Files (x86)\Easy Speed Check
2014-07-17 22:13 - 2014-07-17 22:13 - 00002453 _____ () C:\Users\Michael\Desktop\Search.lnk
2014-07-17 22:12 - 2014-07-17 22:12 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\Torch
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\globalUpdate
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\Comodo
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Michael\AppData\Local\Chromatic Browser
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\Torch
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Gast
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-17 22:12 - 2014-07-17 22:12 - 00000000 ____D () C:\Users\Administrator
2014-07-17 22:12 - 2014-07-17 02:09 - 00000000 __SHD () C:\Users\Michael\wc
2014-07-17 22:12 - 2013-09-30 16:29 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-17 22:12 - 2013-09-30 16:28 - 00000000 ___HD () C:\Users\Michael\AppData\Local\Google
2014-07-17 22:12 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-17 22:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-17 22:11 - 2014-07-17 22:11 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-17 22:11 - 2014-07-17 22:11 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-17 22:11 - 2014-07-17 22:11 - 00000000 _____ () C:\END
2014-07-17 21:51 - 2014-07-17 21:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-17 21:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-17 21:51 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-17 21:51 - 2012-07-26 09:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-17 19:55 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-17 19:50 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-17 19:48 - 2013-10-01 22:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-17 19:46 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-17 19:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-17 02:10 - 2014-07-17 02:10 - 00000000 ____D () C:\Users\Michael\AppData\Local\Ubisoft
2014-07-17 02:09 - 2014-07-17 02:09 - 07342240 _____ (Ubisoft) C:\Users\Michael\Downloads\duelofchampions.exe
2014-07-17 02:09 - 2014-07-17 02:09 - 00001094 _____ () C:\Users\Michael\Desktop\Duel of Champions Launcher.lnk
2014-07-17 02:09 - 2014-07-17 02:09 - 00000000 __SHD () C:\Users\Michael\AppData\Roaming\wyUpdate AU
2014-07-17 02:09 - 2014-07-17 02:09 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Ubisoft
2014-07-16 22:15 - 2013-09-30 16:49 - 00000000 ____D () C:\Users\Michael\Documents\Bluetooth Folder
2014-07-15 15:25 - 2013-10-01 00:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TS3Client
2014-07-15 15:24 - 2013-10-01 00:17 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-07-13 16:47 - 2014-07-13 16:47 - 00001098 _____ () C:\Users\Michael\Downloads\Text (1).txt
2014-07-06 19:48 - 2013-09-30 16:37 - 00000000 ____D () C:\Users\Michael\AppData\Local\PMB Files
2014-07-06 19:48 - 2013-09-30 16:37 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-03 16:35 - 2013-12-04 12:24 - 00304128 ___SH () C:\Users\Michael\Desktop\Thumbs.db
2014-07-01 00:42 - 2014-07-17 02:43 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-01 00:42 - 2014-07-17 02:43 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-01 00:42 - 2014-07-17 02:43 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-06-28 05:35 - 2014-07-17 02:43 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 22:53 - 2014-07-17 21:54 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:53 - 2014-07-17 21:54 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 17:40 - 2013-10-01 22:58 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-26 17:06 - 2014-06-26 17:06 - 00002006 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-06-26 17:06 - 2014-06-26 17:06 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-06-26 17:06 - 2014-06-26 17:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-06-26 17:06 - 2014-06-26 17:06 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-06-26 17:04 - 2014-06-26 17:04 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Samsung
2014-06-26 17:04 - 2014-06-26 17:04 - 00000000 ____D () C:\Users\Michael\AppData\Local\Samsung
2014-06-26 17:04 - 2014-06-26 17:04 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-06-26 17:03 - 2014-06-26 17:03 - 00000000 ____D () C:\Users\Michael\Documents\samsung
2014-06-26 17:03 - 2014-06-26 16:59 - 00000000 ____D () C:\ProgramData\Samsung
2014-06-26 17:03 - 2014-06-26 16:59 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-06-26 17:00 - 2014-06-26 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-06-26 16:59 - 2012-09-03 13:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-26 16:58 - 2014-06-26 16:58 - 00000000 ___HD () C:\Users\Michael\AppData\Local\Downloaded Installations
2014-06-26 16:58 - 2014-06-26 16:57 - 75211320 _____ (Samsung Electronics Co., Ltd.) C:\Users\Michael\Downloads\KiesSetup.exe
2014-06-19 18:40 - 2014-06-19 01:52 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-06-19 04:12 - 2014-07-17 02:43 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-19 04:12 - 2014-07-17 02:43 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-19 04:12 - 2014-07-17 02:43 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-19 04:12 - 2014-07-17 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-19 04:12 - 2014-07-17 02:43 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-19 04:11 - 2014-07-17 02:43 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-19 04:11 - 2014-07-17 02:43 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-19 04:11 - 2014-07-17 02:43 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-19 04:10 - 2014-07-17 02:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-19 04:09 - 2014-07-17 02:43 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-19 02:53 - 2014-07-17 02:43 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-19 02:53 - 2014-07-17 02:43 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-19 02:53 - 2014-07-17 02:43 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-19 02:53 - 2014-07-17 02:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-19 02:53 - 2014-07-17 02:43 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-19 02:53 - 2014-07-17 02:43 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-19 02:53 - 2014-07-17 02:43 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-19 02:52 - 2014-07-17 02:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-19 02:52 - 2014-07-17 02:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-19 02:33 - 2014-07-17 02:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-19 02:30 - 2014-07-17 02:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-19 01:53 - 2014-06-19 01:53 - 00001098 _____ () C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2014-06-19 01:53 - 2014-06-19 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-06-19 01:52 - 2014-06-19 01:52 - 00001053 _____ () C:\Users\Public\Desktop\Warcraft III.lnk
2014-06-19 01:50 - 2014-06-19 01:35 - 00000000 ____D () C:\Users\Michael\Warcraft III 1.21b ROC Installer enGB
2014-06-19 01:35 - 2014-06-19 01:35 - 02693528 _____ (Blizzard Entertainment) C:\Users\Michael\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enGB.exe
2014-06-19 01:34 - 2014-06-19 01:11 - 00000000 ____D () C:\Users\Michael\Warcraft III 1.21b TFT Installer enGB
2014-06-19 01:27 - 2014-06-19 01:27 - 08267773 _____ () C:\Users\Michael\Downloads\DotA v6.80c.w3x
2014-06-19 01:10 - 2014-06-19 01:10 - 02686995 _____ (Blizzard Entertainment) C:\Users\Michael\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enGB.exe
2014-06-19 00:05 - 2014-07-17 02:43 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-06-18 01:49 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-06-18 01:27 - 2014-07-17 02:43 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-18 01:24 - 2014-07-17 02:43 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\COMAP.EXE
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\SIInvoker.exe
C:\Users\Michael\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Michael\AppData\Local\Temp\uninst1.exe
C:\Users\Michael\AppData\Local\Temp\{9A383C94-2CF5-4475-AD06-52761E8BAFAC}-36.0.1985.125_chrome_installer.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-15 04:00
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Michael at 2014-07-18 02:04:21
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bloodline Champions (HKLM-x32\...\Steam App 6370) (Version: - Stunlock Studios)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{783DCCCB-FBD0-4D1D-928D-7075DA8015E6}) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Duel of Champions (HKCU\...\MMDoC-PDCLive) (Version: - Ubisoft)
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
Extended Update (HKCU\...\UpdaterEX) (Version: - ) <==== ATTENTION
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version: - )
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.5 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.01.3200 - Acer)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 6.7 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TOPSIM - General Management II Participant (HKLM-x32\...\TOPSIM - General Management II Participant) (Version: 12.0 - TATA Interactive Systems GmbH)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XSplit Broadcaster (HKLM-x32\...\{F8A47958-47CC-4B57-AE7D-7DDC0A86BEF5}) (Version: 1.3.1311.1201 - SplitMediaLabs)
Yahoo Community Smartbar Engine (HKCU\...\{e6cc70cd-e6cc-4202-8cb6-7ade4ebfa8c5}) (Version: 11.63.66.17714 - Linkury Inc.) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Restore Points =========================
26-06-2014 14:58:58 Installed Samsung Kies
07-07-2014 16:05:36 Scheduled checkpoint
16-07-2014 17:40:37 Scheduled checkpoint
17-07-2014 20:18:17 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
==================== Hosts content: ==========================
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0693B6C5-B990-4CF7-862D-3A0E4DF022E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1F069D73-D2DA-4AAF-A370-6B1C036D7A3D} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3B04812C-632E-440A-9B5B-B3AEF5B353AF} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {458A7D56-E861-4E01-A096-C91F032E6CE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {56919B41-DEEC-4D06-949A-741D0BF05CCC} - \EPUpdater No Task File <==== ATTENTION
Task: {56EB07B9-7848-4A2E-9937-232507E93A63} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2624463503-578704688-3719895022-1002
Task: {5E53A74C-12C3-459D-8B9E-599B0FDFC41C} - \BitGuard No Task File <==== ATTENTION
Task: {6D600475-135F-420C-8011-693D1E5619DA} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {9489A73C-9FDB-4A23-B9F6-9E138FD71752} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A8B00D79-8CF9-41AD-B6D0-0A0BC4C759A2} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {AD867E94-C444-44B3-905F-D4469B03ACE9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-26] (Microsoft Corporation)
Task: {B7FF15ED-EA7E-4BD3-861B-A8B8547E91C3} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {C29914B2-FB69-4A6D-ADCA-C1C36A633DD5} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CEDAB060-F54A-42B8-BFD4-65CDCA82D8CE} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {DE5C2F2E-BB2A-409D-84BD-329D4006A280} - \UpdaterEX No Task File <==== ATTENTION
Task: {E1B232EC-44E8-4A4C-974B-D2ECB59CF591} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {E3A2E92C-8A5E-469E-83FB-DFCC1F111F33} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-02-14 14:28 - 2013-12-19 22:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-14 14:36 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2013-01-28 14:45 - 2013-01-28 14:45 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-01-28 14:42 - 2013-01-28 14:42 - 00084992 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2012-09-03 13:50 - 2012-08-08 17:48 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-28 14:47 - 2013-01-28 14:47 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-23 00:04 - 2012-08-23 00:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-23 08:26 - 2012-08-23 08:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 08:25 - 2012-08-23 08:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 08:26 - 2012-08-23 08:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2012-09-26 17:07 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-07-18 01:15 - 2014-07-18 01:15 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-17 22:13 - 2014-05-28 10:31 - 00099096 _____ () C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\v1wftu31.default\extensions\{fd81c7c1-0d77-d3ce-5288-59c0c212619f}\components\SmartbarFireFoxRemotePlugin_30.dll
2014-02-14 14:28 - 2013-12-19 22:33 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/18/2014 01:52:19 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: The service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/17/2014 10:21:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17028, time stamp: 0x53a20947
Faulting module name: mscorwks.dll, version: 2.0.50727.6413, time stamp: 0x5278a88f
Exception code: 0xc0000005
Fault offset: 0x00054022
Faulting process ID: 0x%9
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (07/17/2014 10:21:53 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.6413 - Fatal Execution Engine Error (74B0024A) (80131506).
Error: (07/17/2014 10:21:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17028, time stamp: 0x53a20947
Faulting module name: mscorwks.dll, version: 2.0.50727.6413, time stamp: 0x5278a88f
Exception code: 0xc0000005
Fault offset: 0x00054022
Faulting process ID: 0x%9
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (07/17/2014 10:21:50 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.6413 - Fatal Execution Engine Error (74B0024A) (80131506).
Error: (07/17/2014 10:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17028, time stamp: 0x53a20947
Faulting module name: mscorwks.dll, version: 2.0.50727.6413, time stamp: 0x5278a88f
Exception code: 0xc0000005
Fault offset: 0x00054022
Faulting process ID: 0x%9
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (07/17/2014 10:21:47 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.6413 - Fatal Execution Engine Error (74B0024A) (80131506).
Error: (07/17/2014 10:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17028, time stamp: 0x53a20947
Faulting module name: mscorwks.dll, version: 2.0.50727.6413, time stamp: 0x5278a88f
Exception code: 0xc0000005
Fault offset: 0x00054022
Faulting process ID: 0x%9
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
Error: (07/17/2014 10:21:44 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.6413 - Fatal Execution Engine Error (74B0024A) (80131506).
Error: (07/17/2014 10:21:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17028, time stamp: 0x53a20947
Faulting module name: mscorwks.dll, version: 2.0.50727.6413, time stamp: 0x5278a88f
Exception code: 0xc0000005
Fault offset: 0x00054022
Faulting process ID: 0x%9
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report ID: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5
System errors:
=============
Error: (07/18/2014 01:55:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "Google Update-Dienst (gupdate)" service failed to start due to the following error:
%%2
Error: (07/18/2014 01:53:11 AM) (Source: bowser) (EventID: 8016) (User: )
Description: The browser driver has received too many illegal datagrams from the remote computer "EASYBOX" to name "HETT" on transport "NetBT_Tcpip_{7DC84368-7E12-4AE8-9943-50BD7BA68BFD}". The data is the datagram.
No more events will be generated until the reset frequency has expired.
Error: (07/18/2014 01:52:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The "BlueStacks Android Service" service terminated with the following error:
%%1064
Error: (07/18/2014 01:51:02 AM) (Source: DCOM) (EventID: 10010) (User: HETT)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Error: (07/18/2014 01:50:53 AM) (Source: DCOM) (EventID: 10010) (User: HETT)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (07/17/2014 10:14:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the "Windows Installer" service, but this action failed with the following error:
%%1056
Error: (07/17/2014 10:13:31 PM) (Source: bowser) (EventID: 8016) (User: )
Description: The browser driver has received too many illegal datagrams from the remote computer "EASYBOX" to name "HETT" on transport "NetBT_Tcpip_{7DC84368-7E12-4AE8-9943-50BD7BA68BFD}". The data is the datagram.
No more events will be generated until the reset frequency has expired.
Error: (07/17/2014 10:12:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The "Windows Installer" service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (07/17/2014 10:12:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The "Google Update-Dienst (gupdate)" service terminated unexpectedly. It has done this 1 time(s).
Error: (07/17/2014 09:59:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "Steam Client Service" service failed to start due to the following error:
%%1053
Microsoft Office Sessions:
=========================
Error: (07/18/2014 01:52:19 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: The service cannot be started. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run.
at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
Error: (07/17/2014 10:21:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947mscorwks.dll2.0.50727.64135278a88fc000000500054022
Error: (07/17/2014 10:21:53 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.6413 - Fatal Execution Engine Error (74B0024A) (80131506).
Error: (07/17/2014 10:21:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947mscorwks.dll2.0.50727.64135278a88fc000000500054022
Error: (07/17/2014 10:21:50 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.6413 - Fatal Execution Engine Error (74B0024A) (80131506).
Error: (07/17/2014 10:21:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947mscorwks.dll2.0.50727.64135278a88fc000000500054022
Error: (07/17/2014 10:21:47 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.6413 - Fatal Execution Engine Error (74B0024A) (80131506).
Error: (07/17/2014 10:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947mscorwks.dll2.0.50727.64135278a88fc000000500054022
Error: (07/17/2014 10:21:44 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.6413 - Fatal Execution Engine Error (74B0024A) (80131506).
Error: (07/17/2014 10:21:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1702853a20947mscorwks.dll2.0.50727.64135278a88fc000000500054022
==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 8007.27 MB
Available physical RAM: 6134.59 MB
Total Pagefile: 9223.27 MB
Available Pagefile: 7295.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:680.19 GB) (Free:574.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: A1D3295F)
Partition: GPT Partition Type.
==================== End Of Log ============================
GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-18 02:08:35
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000038 TOSHIBA_MQ01ABD075 rev.AX003J 698,64GB
Running: pzhrd3hn.exe; Driver: C:\Users\Michael\AppData\Local\Temp\ugloipow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\ntoskrnl.exe!KiCpuId + 988 fffff8038dcc33dc 1 byte [31]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNEL32.DLL!RegSetValueExW 000007f8c51f259c 8 bytes JMP 000007f9c41903b0
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNEL32.DLL!RegQueryValueExW 000007f8c51f6b00 9 bytes JMP 000007f9c4190308
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNEL32.DLL!K32GetModuleFileNameExW 000007f8c52757e8 7 bytes JMP 000007f9c4190260
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNEL32.DLL!K32GetModuleInformation 000007f8c5275908 7 bytes JMP 000007f9c41902d0
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNEL32.DLL!RegDeleteValueW 000007f8c5291610 7 bytes JMP 000007f9c4190340
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNEL32.DLL!K32GetMappedFileNameW 000007f8c52a49a4 7 bytes JMP 000007f9c4190298
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNEL32.DLL!K32EnumProcessModulesEx 000007f8c52a4a38 8 bytes JMP 000007f9c4190228
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNEL32.DLL!RegSetValueExA 000007f8c52a5074 8 bytes JMP 000007f9c4190378
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007f8c41a1f70 7 bytes JMP 000007f9c41900d8
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007f8c41a1ff0 5 bytes JMP 000007f9c4190180
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007f8c41a5880 5 bytes JMP 000007f9c4190110
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007f8c41a8650 6 bytes JMP 000007f9c4190148
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\USER32.dll!CreateWindowExW 000007f8c507c5b0 7 bytes JMP 000007f9c4190490
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\USER32.dll!DisplayConfigGetDeviceInfo 000007f8c50831f0 9 bytes JMP 000007f9c41903e8
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\USER32.dll!EnumDisplayDevicesW 000007f8c50833e0 5 bytes JMP 000007f9c4190458
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\USER32.dll!EnumDisplayDevicesA 000007f8c5087160 5 bytes JMP 000007f9c4190420
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007f8c4dc1070 8 bytes JMP 000007f9c41901f0
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007f8c4de0bd0 8 bytes JMP 000007f9c41901b8
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007f8c1736d10 5 bytes JMP 000007f9c1520110
.text C:\Windows\system32\dwm.exe[372] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007f8c173d060 5 bytes JMP 000007f9c15200d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1060] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8c0c61532 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1060] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8c0c6153a 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1060] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8c0c6165a 4 bytes [C6, C0, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1068] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007f8c0c61532 4 bytes [C6, C0, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1068] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007f8c0c6153a 4 bytes [C6, C0, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1068] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007f8c0c6165a 4 bytes [C6, C0, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1068] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8c506177a 4 bytes [06, C5, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[1068] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8c5061782 4 bytes [06, C5, F8, 07]
.text C:\Windows\System32\spoolsv.exe[1292] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8c506177a 4 bytes [06, C5, F8, 07]
.text C:\Windows\System32\spoolsv.exe[1292] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8c5061782 4 bytes [06, C5, F8, 07]
.text C:\Windows\Explorer.EXE[2972] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8b40e1b32 4 bytes [0E, B4, F8, 07]
.text C:\Windows\Explorer.EXE[2972] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8b40e1b3a 4 bytes [0E, B4, F8, 07]
.text C:\Windows\Explorer.EXE[2972] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8c0c61532 4 bytes [C6, C0, F8, 07]
.text C:\Windows\Explorer.EXE[2972] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8c0c6153a 4 bytes [C6, C0, F8, 07]
.text C:\Windows\Explorer.EXE[2972] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8c0c6165a 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4204] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8c0c61532 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4204] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8c0c6153a 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4204] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8c0c6165a 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4792] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8c506177a 4 bytes [06, C5, F8, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[4792] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8c5061782 4 bytes [06, C5, F8, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[1540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8c0c61532 4 bytes [C6, C0, F8, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[1540] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8c0c6153a 4 bytes [C6, C0, F8, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[1540] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8c0c6165a 4 bytes [C6, C0, F8, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[1540] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8b40e1b32 4 bytes [0E, B4, F8, 07]
.text C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe[1540] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8b40e1b3a 4 bytes [0E, B4, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1196] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8c0c61532 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1196] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8c0c6153a 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[1196] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8c0c6165a 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1748] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8c0c61532 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1748] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8c0c6153a 4 bytes [C6, C0, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1748] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8c0c6165a 4 bytes [C6, C0, F8, 07]
.text C:\Windows\System32\igfxpers.exe[3332] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8c506177a 4 bytes [06, C5, F8, 07]
.text C:\Windows\System32\igfxpers.exe[3332] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8c5061782 4 bytes [06, C5, F8, 07]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [576:600] fffff960008f15e8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [712:4568] 000007f8c6c14aa0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [712:5428] 000007f8c6e123a8
---- Processes - GMER 2.1 ----
Process C:\Users\Michael\Desktop\pzhrd3hn.exe (*** suspicious ***) @ C:\Users\Michael\Desktop\pzhrd3hn.exe [5576](2014-07-18 00:04:58) 0000000000400000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
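Added example (not part of the posted logs, and not FRST's own code): a small Python parser for the three shapes of line that appear in the FRST "Scheduled Tasks" section above. It separates the entries FRST prints as "No Task File" (a Task Scheduler registry-cache entry whose task XML under System32\Tasks is gone, the usual leftover of a removed or half-removed program) from properly registered tasks, records the date and publisher FRST appends, and buckets tasks with an empty publisher "()" and, as an assumed heuristic that goes beyond what FRST reports, tasks whose target runs from a user-writable directory. The sample input is a subset of the task lines from the posted FRST log; the TaskCache registry path is the standard Task Scheduler location, not something taken from the log.

```python
r"""Triage the "Scheduled Tasks" section of an FRST log (added example, not FRST code).

FRST prints one line per task in three shapes:

    Task: {GUID} - System32\Tasks\<name> => <target> [YYYY-MM-DD] (<publisher>)
    Task: {GUID} - \<name> No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\<name>.job => <target>

The GUID is the task's entry in the Task Scheduler registry cache. "No Task File"
means that entry still exists but the task XML under System32\Tasks is gone.
The .job form is the legacy task format and carries no GUID.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Standard Task Scheduler cache location the GUID in an FRST task line refers to.
TASKCACHE_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks"

# Assumed heuristic (ours, not FRST's): a task whose target lives in a
# user-writable directory deserves a second look even if FRST did not flag it.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")

_TASK_RE = re.compile(
    r"^Task:\s+"
    r"(?:(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+-\s+)?"   # absent for legacy .job tasks
    r"(?P<path>.+?)"
    r"(?:\s+=>\s+(?P<target>.+?))?"                  # "=> target [date] (publisher)"
    r"(?P<orphan>\s+No Task File)?"
    r"(?P<attention>\s+<==== ATTENTION)?\s*$"
)
# Splits "<command> [2012-07-12] (Egis Technology Inc.)"; date and publisher are
# optional, and the publisher may be the empty "()" that FRST prints.
_TRAILER_RE = re.compile(
    r"^(?P<exe>.*?)(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?(?:\s+\((?P<publisher>[^)]*)\))?\s*$"
)


@dataclass
class Task:
    guid: Optional[str]          # registry GUID; None for legacy .job entries
    path: str                    # task path exactly as FRST printed it
    target: Optional[str]        # command line without the date/publisher trailer
    date: Optional[str]
    publisher: Optional[str]     # None: nothing printed; "": FRST printed "()"
    orphan: bool                 # "No Task File"
    attention: bool              # FRST's own "<==== ATTENTION" marker

    @property
    def registry_key(self) -> Optional[str]:
        return f"{TASKCACHE_KEY}\\{self.guid}" if self.guid else None

    @property
    def legacy_job(self) -> bool:
        return self.path.lower().endswith(".job")

    @property
    def user_writable_target(self) -> bool:
        return any(m in (self.target or "").lower() for m in USER_WRITABLE)


def parse_task_line(line: str) -> Optional[Task]:
    """Parse one FRST 'Task:' line; return None for anything that is not one."""
    m = _TASK_RE.match(line.strip())
    if not m:
        return None
    target = date = publisher = None
    if m.group("target"):
        t = _TRAILER_RE.match(m.group("target"))
        target, date, publisher = t.group("exe"), t.group("date"), t.group("publisher")
    return Task(m.group("guid"), m.group("path"), target, date, publisher,
                m.group("orphan") is not None, m.group("attention") is not None)


def parse_tasks(log_text: str) -> List[Task]:
    return [t for t in map(parse_task_line, log_text.splitlines()) if t]


def triage(tasks: List[Task]) -> Dict[str, List[Task]]:
    """Bucket tasks in the order an analyst would look at them."""
    return {
        "orphaned": [t for t in tasks if t.orphan],
        "flagged": [t for t in tasks if t.attention and not t.orphan],
        "user_writable_target": [t for t in tasks if t.user_writable_target],
        "no_publisher": [t for t in tasks if t.publisher == ""],
        "legacy_job": [t for t in tasks if t.legacy_job],
    }


# A subset of the task lines from the FRST log posted above.
SAMPLE_LOG = r"""
Task: {0693B6C5-B990-4CF7-862D-3A0E4DF022E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1F069D73-D2DA-4AAF-A370-6B1C036D7A3D} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {3B04812C-632E-440A-9B5B-B3AEF5B353AF} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {56919B41-DEEC-4D06-949A-741D0BF05CCC} - \EPUpdater No Task File <==== ATTENTION
Task: {5E53A74C-12C3-459D-8B9E-599B0FDFC41C} - \BitGuard No Task File <==== ATTENTION
Task: {DE5C2F2E-BB2A-409D-84BD-329D4006A280} - \UpdaterEX No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

if __name__ == "__main__":
    for bucket, items in triage(parse_tasks(SAMPLE_LOG)).items():
        for t in items:
            print(f"{bucket:22} {t.path:50} {t.registry_key or t.target}")
```

On the sample it lists the three orphaned entries (EPUpdater, BitGuard, UpdaterEX) with the TaskCache key under which each still exists, one task with an empty publisher, and the legacy GoogleUpdate .job entry; the publisher in parentheses is whatever FRST read from the file, so an empty "()" is a reason to look at the file, not proof of anything by itself.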