
Log analysis and evaluation: Win 8.1 - PUP.Optional on multiple devices. MBAM, Avira & browser misbehaving, lags


04.04.2014, 15:52   #1
Godaka
 



Hello, dear Trojaner-Board.

I have the following symptoms:
  • Firefox keeps hanging. Sometimes for a few seconds, but mostly for 1-2 minutes. I also get similar "lag spikes" (though not as frequent/noticeable) in games, uTorrent etc.
  • Avira and especially MBAM crash regularly (stop responding). Updates & scans are possible, although it often took 3-4 attempts to, for example, create a log, because the program no longer (fully) responds after the scan.
  • The Avira tray is shown as active; the Security Center sometimes contradicts this.
  • Since 1 April my Twitter account has been posting spam on its own, much to the frustration of my only follower.
  • Occasional automatic redirects to dubious websites, even on my Android tablet.

Before a CCleaner run, MBAM found 8 different PUP.Optionals; after CCleaner there were only 7. (I will post both logs.)
And to make the whole thing a little more frustrating, MBAM finds the same thing on my father's laptop.
-> Could an infected external drive, or shared streaming sites, be a possible cause?
Should I open a separate thread for the 2nd laptop?

Kind regards!
Godaka

Regarding the logs:
On startup, Gmer gave me the following error message both in "normal" and in safe mode (virus scanner was deactivated):
"C:\WINDOWS\system32\config\system: The process cannot access the file because it is being used by another process."

After the scan the same warning appeared again, followed by this one:
"C:\Users\david_000\ntuser.dat: The process cannot access the file because it is being used by another process."

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:11 on 04/04/2014 (david_000)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by david_000 (administrator) on VIENNA-PC on 04-04-2014 15:13:01
Running from C:\Users\david_000\Desktop
Windows 8.1 (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Users\david_000\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-01] (Valve Corporation)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\...\Run: [uTorrent] - C:\Users\david_000\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-02-06] (BitTorrent Inc.)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\...\Run: [SansaDispatch] - C:\Users\david_000\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-03-02] (SanDisk Corporation)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-01] (Valve Corporation)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] - C:\Users\david_000\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-02-06] (BitTorrent Inc.)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SansaDispatch] - C:\Users\david_000\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-03-02] (SanDisk Corporation)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-01] (Valve Corporation)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [uTorrent] - C:\Users\david_000\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-02-06] (BitTorrent Inc.)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [SansaDispatch] - C:\Users\david_000\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-03-02] (SanDisk Corporation)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Policies\system: [DisableLockWorkstation] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/ig
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {F56BDF20-188E-423A-ABF4-583937128D8C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {F56BDF20-188E-423A-ABF4-583937128D8C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {F56BDF20-188E-423A-ABF4-583937128D8C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {F56BDF20-188E-423A-ABF4-583937128D8C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {F56BDF20-188E-423A-ABF4-583937128D8C} URL = 
SearchScopes: HKCU - {F56BDF20-188E-423A-ABF4-583937128D8C} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\david_000\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4ssfd.default-1383161482086
FF Homepage: hxxp://www.startme.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Adblock Plus - C:\Users\david_000\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4ssfd.default-1383161482086\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-30]

Chrome: 
=======
CHR HomePage: hxxp://www.startme.com/
CHR Extension: (Google Drive) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-10]
CHR Extension: (YouTube) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-10]
CHR Extension: (Adblock Plus) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-11]
CHR Extension: (STARTME.COM) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfmnkhhioonhiehehedmnjibmampjiab [2014-01-12]
CHR Extension: (Google Search) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-10]
CHR Extension: (Google Calendar) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-10-10]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-10-10]
CHR Extension: (AdBlock) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-14]
CHR Extension: (BBC Good Food) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja [2013-10-10]
CHR Extension: (Google Maps) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-10-10]
CHR Extension: (WeatherBug) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-01-12]
CHR Extension: (Google Wallet) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR Extension: (Outlook.com) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-10-10]
CHR Extension: (Gmail) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-12] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-11-21] (Disc Soft Ltd)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-29] (Windows (R) Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-08] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 15:13 - 2014-04-04 15:13 - 00017842 _____ () C:\Users\david_000\Desktop\FRST.txt
2014-04-04 15:12 - 2014-04-04 15:13 - 00000000 ____D () C:\FRST
2014-04-04 15:11 - 2014-04-04 15:11 - 00000550 _____ () C:\Users\david_000\Desktop\defogger_disable.log
2014-04-04 15:11 - 2014-04-04 15:11 - 00000168 _____ () C:\Users\david_000\defogger_reenable
2014-04-04 14:55 - 2014-04-04 14:56 - 00337068 _____ () C:\Users\david_000\Desktop\cc_20140404_145535.reg
2014-04-04 14:49 - 2014-04-04 14:49 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-04-04 14:49 - 2014-04-04 14:49 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-04 14:49 - 2014-04-04 14:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-04 14:48 - 2014-04-04 14:48 - 03710504 _____ (Piriform Ltd) C:\Users\david_000\Downloads\ccsetup412_slim.exe
2014-04-04 14:31 - 2014-04-04 14:31 - 02157056 _____ (Farbar) C:\Users\david_000\Desktop\FRST64.exe
2014-04-04 14:31 - 2014-04-04 14:31 - 00380416 _____ () C:\Users\david_000\Desktop\Gmer-19357.exe
2014-04-04 14:28 - 2014-04-04 14:28 - 00050477 _____ () C:\Users\david_000\Desktop\Defogger.exe
2014-04-03 17:23 - 2014-04-03 17:23 - 00000000 ___RD () C:\Users\david_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-29 16:26 - 2014-04-04 14:56 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 16:25 - 2014-03-29 16:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\david_000\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-29 16:25 - 2014-03-29 16:25 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-29 16:25 - 2014-03-29 16:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 16:25 - 2014-03-29 16:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 16:25 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-29 16:25 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-29 16:25 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-27 15:27 - 2014-03-27 15:28 - 00000000 ____D () C:\Users\david_000\Downloads\Kindzadza_-_Unreleased_Tracks_(6)-2005-AoeL
2014-03-26 21:17 - 2014-03-26 21:17 - 00000000 ____D () C:\Users\david_000\Downloads\Crazy Astronaut - Renegade
2014-03-24 23:02 - 2014-03-24 23:02 - 00000222 _____ () C:\Users\david_000\Desktop\No More Room in Hell.url
2014-03-21 01:13 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-21 01:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-19 20:00 - 2014-03-19 20:00 - 00188984 _____ () C:\Users\david_000\Downloads\138081_2014S.zip
2014-03-19 20:00 - 2014-03-19 20:00 - 00000000 ____D () C:\Users\david_000\Downloads\138081_2014S
2014-03-18 17:31 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-18 17:31 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-18 17:31 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-18 17:31 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 17:31 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 17:31 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-18 17:31 - 2013-12-09 06:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-18 17:30 - 2014-01-08 03:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-18 17:30 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-18 17:30 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-18 17:30 - 2014-01-04 17:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-18 17:30 - 2014-01-04 17:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 17:30 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-18 17:30 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 17:30 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 17:30 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-18 17:30 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-18 17:30 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-18 17:30 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-18 17:30 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 17:30 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-18 17:30 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-18 17:30 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-18 17:30 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-18 17:30 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-18 17:30 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-18 17:30 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-18 17:30 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-18 17:30 - 2013-12-27 11:21 - 13192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-03-18 17:30 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-18 17:30 - 2013-12-27 09:27 - 11688448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-03-18 17:30 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 17:30 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-18 17:30 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-18 17:30 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 17:30 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-18 17:30 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-18 17:30 - 2013-12-13 09:24 - 00121088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2014-03-18 17:30 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-18 17:30 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-18 17:30 - 2013-12-09 01:43 - 01104896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-03-18 17:30 - 2013-12-09 01:25 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-03-18 00:21 - 2014-04-03 17:22 - 00000635 _____ () C:\Users\david_000\.pri
2014-03-18 00:18 - 2014-04-03 17:23 - 00000128 _____ () C:\Users\david_000\.airStream
2014-03-18 00:18 - 2014-03-18 01:39 - 00000000 ____D () C:\Users\david_000\Airstream
2014-03-18 00:00 - 2014-03-18 00:09 - 18523648 _____ () C:\Users\david_000\Downloads\airstream-pc.msi
2014-03-17 21:08 - 2014-03-17 21:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-17 20:47 - 2014-03-17 20:47 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-17 20:47 - 2014-03-17 20:47 - 00000000 ____D () C:\ProgramData\Sun
2014-03-17 20:47 - 2014-03-17 20:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-17 20:45 - 2014-03-17 20:45 - 00921000 _____ (Oracle Corporation) C:\Users\david_000\Downloads\jxpiinstall.exe
2014-03-15 21:43 - 2014-03-15 21:43 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-15 21:36 - 2014-03-15 21:36 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-03-15 21:36 - 2014-03-15 21:36 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\Samsung
2014-03-15 21:35 - 2014-03-15 21:35 - 00002022 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-03-15 21:35 - 2014-03-15 21:35 - 00002012 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-03-15 21:35 - 2014-03-15 21:35 - 00000000 ____D () C:\Users\david_000\Documents\samsung
2014-03-15 21:34 - 2014-01-23 19:23 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2014-03-15 21:34 - 2014-01-23 19:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2014-03-15 21:31 - 2014-03-15 21:31 - 00000000 ____D () C:\Users\david_000\AppData\Local\Downloaded Installations
2014-03-15 21:18 - 2014-03-15 21:19 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\david_000\Downloads\KiesSetup.exe
2014-03-13 16:51 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-13 16:51 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-13 16:51 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-13 16:50 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-13 16:50 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-13 16:50 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-13 16:50 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-13 16:50 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-13 16:50 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-13 16:50 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-13 16:50 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-13 16:50 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-13 16:50 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-13 16:50 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-13 16:50 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-13 16:50 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-13 16:50 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-13 16:50 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-13 16:50 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-13 16:50 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-13 16:50 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-13 16:50 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-13 16:50 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-13 16:50 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-13 16:50 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-13 16:50 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-13 16:50 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-13 16:50 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-13 16:50 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-13 16:50 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-13 16:50 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-13 16:50 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-13 16:50 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-13 16:50 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-13 16:50 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-13 16:50 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-13 16:50 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-13 16:50 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-13 16:50 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-13 16:50 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-13 16:50 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-13 16:50 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-13 16:50 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-13 16:50 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-13 16:50 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-13 16:50 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-13 16:50 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-13 16:50 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-13 16:50 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-13 16:50 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-13 16:50 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-13 16:50 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-13 16:50 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 16:50 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-13 16:50 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-13 16:50 - 2013-11-27 17:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-03-13 16:50 - 2013-11-27 13:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-03-13 16:50 - 2013-11-27 10:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-13 16:50 - 2013-11-27 10:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-13 16:50 - 2013-11-27 10:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-03-13 16:50 - 2013-11-27 10:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-03-13 16:50 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-13 16:50 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-13 16:50 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-08 05:25 - 2014-03-08 05:25 - 00000721 _____ () C:\Users\david_000\Documents\SkyDrive - Shortcut.lnk
2014-03-07 16:54 - 2014-03-07 16:57 - 00000000 ____D () C:\Users\david_000\Downloads\The Beatles
2014-03-06 22:01 - 2014-03-06 22:12 - 00000000 ____D () C:\Users\david_000\Downloads\The Millennium Trilogy [Dual Audio]

==================== One Month Modified Files and Folders =======

2014-04-04 15:13 - 2014-04-04 15:13 - 00017842 _____ () C:\Users\david_000\Desktop\FRST.txt
2014-04-04 15:13 - 2014-04-04 15:12 - 00000000 ____D () C:\FRST
2014-04-04 15:11 - 2014-04-04 15:11 - 00000550 _____ () C:\Users\david_000\Desktop\defogger_disable.log
2014-04-04 15:11 - 2014-04-04 15:11 - 00000168 _____ () C:\Users\david_000\defogger_reenable
2014-04-04 15:11 - 2013-12-08 22:56 - 00000000 ____D () C:\Users\david_000
2014-04-04 15:05 - 2013-10-10 18:40 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 14:56 - 2014-04-04 14:55 - 00337068 _____ () C:\Users\david_000\Desktop\cc_20140404_145535.reg
2014-04-04 14:56 - 2014-03-29 16:26 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 14:54 - 2013-12-29 20:20 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-04 14:54 - 2013-12-08 23:36 - 00000000 ___DC () C:\WINDOWS\Panther
2014-04-04 14:54 - 2013-11-21 18:46 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\DAEMON Tools Lite
2014-04-04 14:54 - 2013-10-08 19:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-04 14:54 - 2013-10-06 18:21 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\TS3Client
2014-04-04 14:54 - 2013-08-21 00:12 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\uTorrent
2014-04-04 14:54 - 2013-08-15 16:36 - 00000000 ____D () C:\Users\david_000\AppData\Local\CrashDumps
2014-04-04 14:54 - 2013-08-14 09:50 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1699152627-3642012173-1828022434-1001
2014-04-04 14:49 - 2014-04-04 14:49 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-04-04 14:49 - 2014-04-04 14:49 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-04 14:49 - 2014-04-04 14:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-04 14:48 - 2014-04-04 14:48 - 03710504 _____ (Piriform Ltd) C:\Users\david_000\Downloads\ccsetup412_slim.exe
2014-04-04 14:31 - 2014-04-04 14:31 - 02157056 _____ (Farbar) C:\Users\david_000\Desktop\FRST64.exe
2014-04-04 14:31 - 2014-04-04 14:31 - 00380416 _____ () C:\Users\david_000\Desktop\Gmer-19357.exe
2014-04-04 14:28 - 2014-04-04 14:28 - 00050477 _____ () C:\Users\david_000\Desktop\Defogger.exe
2014-04-04 14:28 - 2013-08-14 11:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-04 14:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-04 13:12 - 2013-09-30 06:11 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-04 03:05 - 2013-10-10 18:42 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-04 03:05 - 2013-10-10 18:40 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 03:00 - 2013-10-10 18:40 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-04 03:00 - 2013-10-10 18:40 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 22:13 - 2014-01-30 00:45 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\Skype
2014-04-03 18:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-03 17:25 - 2013-08-14 10:41 - 00000000 ____D () C:\ProgramData\WinClon
2014-04-03 17:23 - 2014-04-03 17:23 - 00000000 ___RD () C:\Users\david_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-03 17:23 - 2014-03-18 00:18 - 00000128 _____ () C:\Users\david_000\.airStream
2014-04-03 17:22 - 2014-03-18 00:21 - 00000635 _____ () C:\Users\david_000\.pri
2014-04-03 17:22 - 2013-12-10 15:26 - 00000000 __RDO () C:\Users\david_000\SkyDrive
2014-04-02 23:33 - 2013-10-29 22:08 - 00000000 ____D () C:\Users\david_000\Desktop\D
2014-04-02 19:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-04-01 13:42 - 2013-08-14 09:45 - 00000000 ___RD () C:\Users\david_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-01 13:42 - 2013-08-14 09:45 - 00000000 ___RD () C:\Users\david_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-01 13:40 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-01 13:40 - 2013-08-14 10:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 13:39 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-01 13:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-04-01 13:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-04-01 13:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-03-30 02:58 - 2014-02-15 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 16:25 - 2014-03-29 16:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\david_000\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-29 16:25 - 2014-03-29 16:25 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-29 16:25 - 2014-03-29 16:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 16:25 - 2014-03-29 16:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 03:14 - 2014-02-06 21:49 - 00000000 ____D () C:\Users\david_000\Documents\VirtualDJ
2014-03-27 15:28 - 2014-03-27 15:27 - 00000000 ____D () C:\Users\david_000\Downloads\Kindzadza_-_Unreleased_Tracks_(6)-2005-AoeL
2014-03-26 21:17 - 2014-03-26 21:17 - 00000000 ____D () C:\Users\david_000\Downloads\Crazy Astronaut - Renegade
2014-03-26 16:03 - 2013-10-06 18:20 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-24 23:02 - 2014-03-24 23:02 - 00000222 _____ () C:\Users\david_000\Desktop\No More Room in Hell.url
2014-03-22 04:31 - 2013-08-14 10:53 - 00000000 ____D () C:\ProgramData\Atheros
2014-03-19 20:00 - 2014-03-19 20:00 - 00188984 _____ () C:\Users\david_000\Downloads\138081_2014S.zip
2014-03-19 20:00 - 2014-03-19 20:00 - 00000000 ____D () C:\Users\david_000\Downloads\138081_2014S
2014-03-18 20:41 - 2013-08-14 14:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 20:40 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-18 20:40 - 2013-08-14 14:26 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-18 01:39 - 2014-03-18 00:18 - 00000000 ____D () C:\Users\david_000\Airstream
2014-03-18 00:09 - 2014-03-18 00:00 - 18523648 _____ () C:\Users\david_000\Downloads\airstream-pc.msi
2014-03-17 21:08 - 2014-03-17 21:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-17 20:47 - 2014-03-17 20:47 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-17 20:47 - 2014-03-17 20:47 - 00000000 ____D () C:\ProgramData\Sun
2014-03-17 20:47 - 2014-03-17 20:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-17 20:45 - 2014-03-17 20:45 - 00921000 _____ (Oracle Corporation) C:\Users\david_000\Downloads\jxpiinstall.exe
2014-03-16 19:52 - 2013-08-22 16:44 - 00360960 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-16 19:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 19:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 19:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-03-16 19:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 19:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-15 21:43 - 2014-03-15 21:43 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-15 21:36 - 2014-03-15 21:36 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-03-15 21:36 - 2014-03-15 21:36 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\Samsung
2014-03-15 21:36 - 2013-08-14 10:51 - 00000000 ____D () C:\Users\david_000\AppData\Local\Samsung
2014-03-15 21:35 - 2014-03-15 21:35 - 00002022 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-03-15 21:35 - 2014-03-15 21:35 - 00002012 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-03-15 21:35 - 2014-03-15 21:35 - 00000000 ____D () C:\Users\david_000\Documents\samsung
2014-03-15 21:35 - 2012-09-01 13:33 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-03-15 21:34 - 2013-08-14 10:21 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-15 21:34 - 2012-09-01 13:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-15 21:31 - 2014-03-15 21:31 - 00000000 ____D () C:\Users\david_000\AppData\Local\Downloaded Installations
2014-03-15 21:19 - 2014-03-15 21:18 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\david_000\Downloads\KiesSetup.exe
2014-03-13 18:50 - 2013-08-27 00:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 18:50 - 2013-08-27 00:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 22:28 - 2013-08-14 11:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-08 05:25 - 2014-03-08 05:25 - 00000721 _____ () C:\Users\david_000\Documents\SkyDrive - Shortcut.lnk
2014-03-07 16:57 - 2014-03-07 16:54 - 00000000 ____D () C:\Users\david_000\Downloads\The Beatles
2014-03-06 22:12 - 2014-03-06 22:01 - 00000000 ____D () C:\Users\david_000\Downloads\The Millennium Trilogy [Dual Audio]
2014-03-05 10:26 - 2014-03-29 16:25 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-05 10:26 - 2014-03-29 16:25 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-05 10:26 - 2014-03-29 16:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-05 00:53 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:53 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\david_000\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 16:50] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-04-02 14:53

==================== End Of Log ============================
         
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by david_000 at 2014-04-04 15:13:39
Running from C:\Users\david_000\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Zombie, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.6 - Canon Inc.)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon MP240 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Daum PotPlayer 1.5.40688 (HKLM-x32\...\PotPlayer) (Version:  - )
Dishonored (HKLM-x32\...\Dishonored_is1) (Version:  - )
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.6.722 - Foxit Corporation)
G-Force (HKLM-x32\...\G-Force) (Version: 5.1.4 - SoundSpectrum)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version:  - )
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Psychonauts (HKLM-x32\...\{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}) (Version: 1.0 - Double Fine Productions)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.216 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Reason 5.0 (HKLM-x32\...\Reason5_is1) (Version: 5.0 - Propellerhead Software AB)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.10 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
S.T.A.L.K.E.R. - Clear Sky (HKLM-x32\...\S.T.A.L.K.E.R. - Clear Sky_is1) (Version: 1.0001 - Deep Silver)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Vibosoft ePub Converter (HKCU\...\Vibosoft ePub Converter) (Version: 2.1.5 - Vibosoft)
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)

==================== Restore Points  =========================

17-03-2014 18:46:33 Installed Java 7 Update 51
26-03-2014 00:37:05 Scheduled Checkpoint
02-04-2014 17:30:55 Scheduled Checkpoint
04-04-2014 12:27:29 Removed AirStream-Suite

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BBFF2E4-447F-4935-8216-1AAFE16A3343} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {4140EA2B-469A-4195-B813-FEBF8030F44A} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B8D4AE0-8012-452A-9166-E031F210C04C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-10] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B15ECE50-A73E-4FE3-839E-4D8859E6CFAA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C37932A2-C6A4-4837-BF18-11B5E675BABD} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-06-19] (SEC)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D8AE48A0-F5D1-44EF-96C0-A354B86C54D7} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {D997E3A1-4DC1-48A4-9F8C-A6025BC814CD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-18] (Microsoft Corporation)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD0F5E20-F400-49DF-B89A-8477AFBC2C00} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {E1B5CC85-8831-4560-B4C7-4C67C61EDEF6} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-11-30 12:26 - 2012-11-30 12:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-05 16:44 - 2012-12-05 16:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-12-05 16:41 - 2012-12-05 16:41 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-05 16:44 - 2012-12-05 16:44 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-04-04 14:28 - 2014-04-04 14:28 - 00050477 _____ () C:\Users\david_000\Desktop\Defogger.exe
2013-08-14 11:59 - 2013-08-14 11:59 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-19 12:48 - 2014-02-19 12:48 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8310d224af54d6cbd9fce767da495350\PSIClient.ni.dll
2012-11-30 12:26 - 2012-11-30 12:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 12:26 - 2012-11-30 12:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 12:26 - 2012-11-30 12:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 12:26 - 2012-11-30 12:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 12:26 - 2012-11-30 12:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-11-30 12:26 - 2012-11-30 12:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 12:26 - 2012-11-30 12:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 12:26 - 2012-11-30 12:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 12:26 - 2012-11-30 12:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\david_000\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2014 03:10:20 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.0.0.495 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1704

Start Time: 01cf500547c836af

Termination Time: 8

Application Path: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

Report Id: 68b19530-bbfa-11e3-be9c-50b7c34f23d2

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/04/2014 02:37:11 PM) (Source: Application Hang) (User: )
Description: The program mbam.exe version 1.0.0.495 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f20

Start Time: 01cf5001f929530b

Termination Time: 0

Application Path: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe

Report Id: d4237fcc-bbf5-11e3-be9c-50b7c34f23d2

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/03/2014 05:10:48 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/03/2014 02:11:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8250

Error: (04/03/2014 02:11:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8250

Error: (04/03/2014 02:11:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2014 11:52:36 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 28.0.0.5186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1074

Start Time: 01cf4ebc61c910c6

Termination Time: 35

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 1149d317-bab1-11e3-be9c-50b7c34f23d2

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/02/2014 10:16:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: League of Legends.exe, version: 4.4.0.1885, time stamp: 0x533a292a
Faulting module name: League of Legends.exe, version: 4.4.0.1885, time stamp: 0x533a292a
Exception code: 0xc0000005
Fault offset: 0x00578890
Faulting process ID: 0x1654
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report ID: League of Legends.exe3
Faulting package full name: League of Legends.exe4
Faulting package-relative application ID: League of Legends.exe5

Error: (04/02/2014 09:55:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: League of Legends.exe, version: 4.4.0.1885, time stamp: 0x533a292a
Faulting module name: League of Legends.exe, version: 4.4.0.1885, time stamp: 0x533a292a
Exception code: 0xc0000005
Fault offset: 0x00578890
Faulting process ID: 0x10bc
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report ID: League of Legends.exe3
Faulting package full name: League of Legends.exe4
Faulting package-relative application ID: League of Legends.exe5

Error: (04/02/2014 09:24:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: League of Legends.exe, version: 4.4.0.1885, time stamp: 0x533a292a
Faulting module name: League of Legends.exe, version: 4.4.0.1885, time stamp: 0x533a292a
Exception code: 0xc0000005
Fault offset: 0x00578890
Faulting process ID: 0x1978
Faulting application start time: 0xLeague of Legends.exe0
Faulting application path: League of Legends.exe1
Faulting module path: League of Legends.exe2
Report ID: League of Legends.exe3
Faulting package full name: League of Legends.exe4
Faulting package-relative application ID: League of Legends.exe5


System errors:
=============
Error: (04/04/2014 10:00:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/03/2014 10:29:02 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/02/2014 02:46:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/01/2014 08:27:49 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053

Error: (04/01/2014 08:27:49 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (04/01/2014 00:45:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/31/2014 05:00:40 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/30/2014 02:16:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/29/2014 03:08:08 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/28/2014 01:57:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (04/04/2014 03:10:20 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.0.0.495170401cf500547c836af8C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe68b19530-bbfa-11e3-be9c-50b7c34f23d2

Error: (04/04/2014 02:37:11 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.0.0.495f2001cf5001f929530b0C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exed4237fcc-bbf5-11e3-be9c-50b7c34f23d2

Error: (04/03/2014 05:10:48 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/03/2014 02:11:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8250

Error: (04/03/2014 02:11:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8250

Error: (04/03/2014 02:11:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/02/2014 11:52:36 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.5186107401cf4ebc61c910c635C:\Program Files (x86)\Mozilla Firefox\firefox.exe1149d317-bab1-11e3-be9c-50b7c34f23d2

Error: (04/02/2014 10:16:35 PM) (Source: Application Error)(User: )
Description: League of Legends.exe4.4.0.1885533a292aLeague of Legends.exe4.4.0.1885533a292ac000000500578890165401cf4eadf9f75dc8C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.16\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.16\deploy\League of Legends.exeafdacde8-baa3-11e3-be9c-50b7c34f23d2

Error: (04/02/2014 09:55:13 PM) (Source: Application Error)(User: )
Description: League of Legends.exe4.4.0.1885533a292aLeague of Legends.exe4.4.0.1885533a292ac00000050057889010bc01cf4ea99abd67a3C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.16\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.16\deploy\League of Legends.exeb38ee188-baa0-11e3-be9c-50b7c34f23d2

Error: (04/02/2014 09:24:06 PM) (Source: Application Error)(User: )
Description: League of Legends.exe4.4.0.1885533a292aLeague of Legends.exe4.4.0.1885533a292ac000000500578890197801cf4ea4999b409bC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.16\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.16\deploy\League of Legends.exe5ad7253a-ba9c-11e3-be9c-50b7c34f23d2


==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 6035.67 MB
Available physical RAM: 4131.41 MB
Total Pagefile: 12179.67 MB
Available Pagefile: 9950.95 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.34 GB) (Free:241.16 GB) NTFS
Drive h: (MyDrive) (Fixed) (Total:465.76 GB) (Free:307.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 672BD4A0)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 597A97EF)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Gmer normal mode (see error message above)
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-04 15:25:44
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002f ST500LM012_HN-M500MBB rev.2AR10002 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\DAVID_~1\AppData\Local\Temp\awdyypog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                             fffff9600021de00 15 bytes [00, FA, 0E, 02, C0, 9C, 70, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                        fffff9600021de10 11 bytes [00, 00, FC, FF, 80, FA, C0, ...]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\System32\igfxpers.exe[2964] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506               00007ffa988c169a 4 bytes [8C, 98, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[2964] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514               00007ffa988c16a2 4 bytes [8C, 98, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[2964] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                  00007ffa988c181a 4 bytes [8C, 98, FA, 7F]
.text   C:\Windows\System32\igfxpers.exe[2964] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                  00007ffa988c1832 4 bytes [8C, 98, FA, 7F]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2024] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194  00007ffa8c9b1f6a 4 bytes [9B, 8C, FA, 7F]
.text   C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[2024] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218  00007ffa8c9b1f82 4 bytes [9B, 8C, FA, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [6424:4264]                                                                   fffff960008694d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                       unknown MBR code

---- EOF - GMER 2.1 ----
         
Gmer safe mode (see error message above)
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-04 15:40:52
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\0000002f ST500LM012_HN-M500MBB rev.2AR10002 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\DAVID_~1\AppData\Local\Temp\awdyypog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960                            fffff8019edd8a00 84 bytes [80, 1F, AE, FF, 82, 28, 5E, ...]

---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\Explorer.EXE[300] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714    00007ffd59af154a 4 bytes [AF, 59, FD, 7F]
.text   C:\WINDOWS\Explorer.EXE[300] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722    00007ffd59af1552 4 bytes [AF, 59, FD, 7F]
.text   C:\WINDOWS\Explorer.EXE[300] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98   00007ffd59af162a 4 bytes [AF, 59, FD, 7F]
.text   C:\WINDOWS\Explorer.EXE[300] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122  00007ffd59af1642 4 bytes [AF, 59, FD, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [452:484]                                            fffff9600084a4d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                              unknown MBR code

---- EOF - GMER 2.1 ----
         
MBAM (before CCleaner registry run)
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 04/04/2014
Scan Time: 14:51:49
Logfile: MBAMlog.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.04.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: david_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 251835
Time Elapsed: 12 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 7
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [ea6970b694e77fb7a19b0b36e61c7f81], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [ea6970b694e77fb7a19b0b36e61c7f81], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, , [084bd65019622f073a4d780bc04311ef], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, , [ec6793932259330388fe473c4ab9a957], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, , [6ee5ed39f48777bf5c3491f3c340d52b], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [143f41e53b40cb6be8883934c73b60a0], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [b1a2071f770495a1ecc20d761ae9ca36], 

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, , [b1a2071f770495a1ecc20d761ae9ca36]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
MBAM after CCleaner registry run
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 04/04/2014
Scan Time: 15:09:34
Logfile: MBAMlog2.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.04.03
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: david_000

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 250671
Time Elapsed: 12 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [78db41e52853290db28a7fc2d72bcd33], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [78db41e52853290db28a7fc2d72bcd33], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\DataMngr, , [de75f333b4c761d5493e156e946f2fd1], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\BABSOLUTION\Updater, , [fe559e885427bb7bc8c81a6a13f06e92], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [c58e30f61c5f4fe7630dcba2af531be5], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLCORE, , [7dd6af77f2894ee8505e6023778c02fe], 

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1699152627-3642012173-1828022434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, , [7dd6af77f2894ee8505e6023778c02fe]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         

04.04.2014, 17:59   #2
schrauber
/// the machine
/// TB trainer
 




hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

05.04.2014, 11:25   #3
Godaka
 



hi,
thanks for the quick reply, here are the logs.

Adwcleaner
Code:
# AdwCleaner v3.023 - Report created 05/04/2014 at 11:50:04
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : david_000 - VIENNA-PC
# Running from : C:\Users\david_000\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\BitLord 2
Folder Deleted : C:\WINDOWS\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\david_000\AppData\Roaming\Babylon
Folder Deleted : C:\Users\david_000\AppData\Roaming\BitLord
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKCU\Software\d08dd1b76abd49
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\david_000\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4ssfd.default-1383161482086\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2690 octets] - [05/04/2014 11:48:21]
AdwCleaner[S0].txt - [2451 octets] - [05/04/2014 11:50:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2511 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8.1 x64
Ran by david_000 on 05/04/2014 at 12:00:09.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1699152627-3642012173-1828022434-1001\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\david_000\AppData\Roaming\mozilla\firefox\profiles\fpj4ssfd.default-1383161482086\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/04/2014 at 12:06:29.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by david_000 (administrator) on VIENNA-PC on 05-04-2014 12:18:36
Running from C:\Users\david_000\Desktop
Windows 8.1 (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] - C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-01] (Valve Corporation)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\...\Run: [uTorrent] - C:\Users\david_000\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-02-06] (BitTorrent Inc.)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\...\Run: [SansaDispatch] - C:\Users\david_000\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-03-02] (SanDisk Corporation)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\...\Policies\system: [DisableLockWorkstation] 0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com/ig
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {F56BDF20-188E-423A-ABF4-583937128D8C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {F56BDF20-188E-423A-ABF4-583937128D8C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {F56BDF20-188E-423A-ABF4-583937128D8C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - {F56BDF20-188E-423A-ABF4-583937128D8C} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\david_000\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4ssfd.default-1383161482086
FF Homepage: hxxp://www.startme.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Adblock Plus - C:\Users\david_000\AppData\Roaming\Mozilla\Firefox\Profiles\fpj4ssfd.default-1383161482086\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-30]

Chrome: 
=======
CHR HomePage: hxxp://www.startme.com/
CHR Extension: (Google Drive) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-10]
CHR Extension: (YouTube) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-10]
CHR Extension: (Adblock Plus) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-11]
CHR Extension: (STARTME.COM) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfmnkhhioonhiehehedmnjibmampjiab [2014-01-12]
CHR Extension: (Google Search) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-10]
CHR Extension: (Google Calendar) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-10-10]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-10-10]
CHR Extension: (AdBlock) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-14]
CHR Extension: (BBC Good Food) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja [2013-10-10]
CHR Extension: (Google Maps) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-10-10]
CHR Extension: (WeatherBug) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-01-12]
CHR Extension: (Google Wallet) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-10]
CHR Extension: (Outlook.com) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2013-10-10]
CHR Extension: (Gmail) - C:\Users\david_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-10]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-13] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-03-13] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-12] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-11-21] (Disc Soft Ltd)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-29] (Windows (R) Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-08] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-05 12:06 - 2014-04-05 12:06 - 00000958 _____ () C:\Users\david_000\Desktop\JRT.txt
2014-04-05 12:00 - 2014-04-05 12:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-05 11:56 - 2014-04-05 11:56 - 01038974 _____ (Thisisu) C:\Users\david_000\Downloads\JRT.exe
2014-04-05 11:56 - 2014-04-05 11:56 - 00002599 _____ () C:\Users\david_000\Desktop\AdwCleaner[S0].txt
2014-04-05 11:52 - 2014-04-05 11:52 - 00000000 ___RD () C:\Users\david_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-05 11:47 - 2014-04-05 11:47 - 01426178 _____ () C:\Users\david_000\Downloads\adwcleaner(1).exe
2014-04-04 19:31 - 2014-04-05 11:50 - 00000000 ____D () C:\AdwCleaner
2014-04-04 19:31 - 2014-04-04 19:31 - 01426178 _____ () C:\Users\david_000\Desktop\adwcleaner.exe
2014-04-04 15:47 - 2014-01-19 09:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-04-04 15:43 - 2014-04-05 12:04 - 00199298 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-04 15:40 - 2014-04-04 15:40 - 00001366 _____ () C:\Users\david_000\Desktop\Gmer2.txt
2014-04-04 15:25 - 2014-04-04 16:42 - 00002036 _____ () C:\Users\david_000\Desktop\Gmer.txt
2014-04-04 15:13 - 2014-04-05 12:18 - 00014941 _____ () C:\Users\david_000\Desktop\FRST.txt
2014-04-04 15:13 - 2014-04-04 15:14 - 00029496 _____ () C:\Users\david_000\Desktop\Addition.txt
2014-04-04 15:12 - 2014-04-05 12:18 - 00000000 ____D () C:\FRST
2014-04-04 15:11 - 2014-04-04 15:11 - 00000550 _____ () C:\Users\david_000\Desktop\defogger_disable.log
2014-04-04 15:11 - 2014-04-04 15:11 - 00000168 _____ () C:\Users\david_000\defogger_reenable
2014-04-04 14:55 - 2014-04-04 14:56 - 00337068 _____ () C:\Users\david_000\Desktop\cc_20140404_145535.reg
2014-04-04 14:49 - 2014-04-04 14:49 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-04-04 14:49 - 2014-04-04 14:49 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-04 14:49 - 2014-04-04 14:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-04 14:48 - 2014-04-04 14:48 - 03710504 _____ (Piriform Ltd) C:\Users\david_000\Downloads\ccsetup412_slim.exe
2014-04-04 14:31 - 2014-04-04 14:31 - 02157056 _____ (Farbar) C:\Users\david_000\Desktop\FRST64.exe
2014-04-04 14:31 - 2014-04-04 14:31 - 00380416 _____ () C:\Users\david_000\Desktop\Gmer-19357.exe
2014-04-04 14:28 - 2014-04-04 14:28 - 00050477 _____ () C:\Users\david_000\Desktop\Defogger.exe
2014-03-29 16:26 - 2014-04-04 14:56 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 16:25 - 2014-03-29 16:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\david_000\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-29 16:25 - 2014-03-29 16:25 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-29 16:25 - 2014-03-29 16:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 16:25 - 2014-03-29 16:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 16:25 - 2014-03-05 10:26 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-29 16:25 - 2014-03-05 10:26 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-03-29 16:25 - 2014-03-05 10:26 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-27 15:27 - 2014-03-27 15:28 - 00000000 ____D () C:\Users\david_000\Downloads\Kindzadza_-_Unreleased_Tracks_(6)-2005-AoeL
2014-03-26 21:17 - 2014-03-26 21:17 - 00000000 ____D () C:\Users\david_000\Downloads\Crazy Astronaut - Renegade
2014-03-24 23:02 - 2014-03-24 23:02 - 00000222 _____ () C:\Users\david_000\Desktop\No More Room in Hell.url
2014-03-21 01:13 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-21 01:13 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-19 20:00 - 2014-03-19 20:00 - 00188984 _____ () C:\Users\david_000\Downloads\138081_2014S.zip
2014-03-19 20:00 - 2014-03-19 20:00 - 00000000 ____D () C:\Users\david_000\Downloads\138081_2014S
2014-03-18 17:31 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-18 17:31 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-18 17:31 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-18 17:31 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-18 17:31 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-18 17:31 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-18 17:31 - 2013-12-09 06:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-18 17:30 - 2014-01-08 03:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-03-18 17:30 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-18 17:30 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-18 17:30 - 2014-01-04 17:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-18 17:30 - 2014-01-04 17:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-18 17:30 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-18 17:30 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-18 17:30 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-18 17:30 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-18 17:30 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-18 17:30 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-18 17:30 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-18 17:30 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-18 17:30 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-18 17:30 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-18 17:30 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-18 17:30 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-18 17:30 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-18 17:30 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-18 17:30 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-18 17:30 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-18 17:30 - 2013-12-27 11:21 - 13192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-03-18 17:30 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-18 17:30 - 2013-12-27 09:27 - 11688448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-03-18 17:30 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-18 17:30 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-18 17:30 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-18 17:30 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-18 17:30 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-18 17:30 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-18 17:30 - 2013-12-13 09:24 - 00121088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2014-03-18 17:30 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-18 17:30 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-18 17:30 - 2013-12-09 01:43 - 01104896 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-03-18 17:30 - 2013-12-09 01:25 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-03-18 00:21 - 2014-04-03 17:22 - 00000635 _____ () C:\Users\david_000\.pri
2014-03-18 00:18 - 2014-04-03 17:23 - 00000128 _____ () C:\Users\david_000\.airStream
2014-03-18 00:18 - 2014-03-18 01:39 - 00000000 ____D () C:\Users\david_000\Airstream
2014-03-18 00:00 - 2014-03-18 00:09 - 18523648 _____ () C:\Users\david_000\Downloads\airstream-pc.msi
2014-03-17 21:08 - 2014-03-17 21:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-17 20:47 - 2014-03-17 20:47 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-17 20:47 - 2014-03-17 20:47 - 00000000 ____D () C:\ProgramData\Sun
2014-03-17 20:47 - 2014-03-17 20:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-17 20:45 - 2014-03-17 20:45 - 00921000 _____ (Oracle Corporation) C:\Users\david_000\Downloads\jxpiinstall.exe
2014-03-15 21:43 - 2014-03-15 21:43 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-15 21:36 - 2014-03-15 21:36 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-03-15 21:36 - 2014-03-15 21:36 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\Samsung
2014-03-15 21:35 - 2014-03-15 21:35 - 00002022 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-03-15 21:35 - 2014-03-15 21:35 - 00002012 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-03-15 21:35 - 2014-03-15 21:35 - 00000000 ____D () C:\Users\david_000\Documents\samsung
2014-03-15 21:34 - 2014-01-23 19:23 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2014-03-15 21:34 - 2014-01-23 19:23 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2014-03-15 21:31 - 2014-03-15 21:31 - 00000000 ____D () C:\Users\david_000\AppData\Local\Downloaded Installations
2014-03-15 21:18 - 2014-03-15 21:19 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\david_000\Downloads\KiesSetup.exe
2014-03-13 16:51 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-13 16:51 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-13 16:51 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-13 16:50 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-13 16:50 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-13 16:50 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-13 16:50 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-13 16:50 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-13 16:50 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-13 16:50 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-13 16:50 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-13 16:50 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-13 16:50 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-13 16:50 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-13 16:50 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-13 16:50 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-13 16:50 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-13 16:50 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-13 16:50 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-13 16:50 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-13 16:50 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-13 16:50 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-13 16:50 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-13 16:50 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-13 16:50 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-13 16:50 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-13 16:50 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-13 16:50 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-13 16:50 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-13 16:50 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-13 16:50 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-13 16:50 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-13 16:50 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-13 16:50 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-13 16:50 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-13 16:50 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-13 16:50 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-13 16:50 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-13 16:50 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-13 16:50 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-13 16:50 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-13 16:50 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-13 16:50 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-13 16:50 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-13 16:50 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-13 16:50 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-13 16:50 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-13 16:50 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-13 16:50 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-13 16:50 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-13 16:50 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-13 16:50 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-13 16:50 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-13 16:50 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-13 16:50 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-13 16:50 - 2013-11-27 17:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-03-13 16:50 - 2013-11-27 13:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-03-13 16:50 - 2013-11-27 10:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-13 16:50 - 2013-11-27 10:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-03-13 16:50 - 2013-11-27 10:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-03-13 16:50 - 2013-11-27 10:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-03-13 16:50 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-13 16:50 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-13 16:50 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-08 05:25 - 2014-03-08 05:25 - 00000721 _____ () C:\Users\david_000\Documents\SkyDrive - Shortcut.lnk
2014-03-07 16:54 - 2014-03-07 16:57 - 00000000 ____D () C:\Users\david_000\Downloads\The Beatles
2014-03-06 22:01 - 2014-03-06 22:12 - 00000000 ____D () C:\Users\david_000\Downloads\The Millennium Trilogy [Dual Audio]

==================== One Month Modified Files and Folders =======

2014-04-05 12:18 - 2014-04-04 15:13 - 00014941 _____ () C:\Users\david_000\Desktop\FRST.txt
2014-04-05 12:18 - 2014-04-04 15:12 - 00000000 ____D () C:\FRST
2014-04-05 12:07 - 2013-08-14 09:50 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1699152627-3642012173-1828022434-1001
2014-04-05 12:06 - 2014-04-05 12:06 - 00000958 _____ () C:\Users\david_000\Desktop\JRT.txt
2014-04-05 12:05 - 2013-10-10 18:40 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-05 12:04 - 2014-04-04 15:43 - 00199298 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-05 12:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-05 12:00 - 2014-04-05 12:00 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-05 11:56 - 2014-04-05 11:56 - 01038974 _____ (Thisisu) C:\Users\david_000\Downloads\JRT.exe
2014-04-05 11:56 - 2014-04-05 11:56 - 00002599 _____ () C:\Users\david_000\Desktop\AdwCleaner[S0].txt
2014-04-05 11:55 - 2013-09-30 06:11 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-05 11:55 - 2013-08-14 10:41 - 00000000 ____D () C:\ProgramData\WinClon
2014-04-05 11:54 - 2013-10-10 18:42 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-05 11:52 - 2014-04-05 11:52 - 00000000 ___RD () C:\Users\david_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-05 11:52 - 2013-12-10 15:26 - 00000000 __RDO () C:\Users\david_000\SkyDrive
2014-04-05 11:52 - 2013-10-10 18:40 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-05 11:51 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-05 11:50 - 2014-04-04 19:31 - 00000000 ____D () C:\AdwCleaner
2014-04-05 11:50 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-05 11:47 - 2014-04-05 11:47 - 01426178 _____ () C:\Users\david_000\Downloads\adwcleaner(1).exe
2014-04-05 02:40 - 2013-10-06 18:21 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\TS3Client
2014-04-04 19:31 - 2014-04-04 19:31 - 01426178 _____ () C:\Users\david_000\Desktop\adwcleaner.exe
2014-04-04 19:28 - 2013-08-14 11:01 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-04 17:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-04 16:42 - 2014-04-04 15:25 - 00002036 _____ () C:\Users\david_000\Desktop\Gmer.txt
2014-04-04 15:48 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-04-04 15:40 - 2014-04-04 15:40 - 00001366 _____ () C:\Users\david_000\Desktop\Gmer2.txt
2014-04-04 15:14 - 2014-04-04 15:13 - 00029496 _____ () C:\Users\david_000\Desktop\Addition.txt
2014-04-04 15:11 - 2014-04-04 15:11 - 00000550 _____ () C:\Users\david_000\Desktop\defogger_disable.log
2014-04-04 15:11 - 2014-04-04 15:11 - 00000168 _____ () C:\Users\david_000\defogger_reenable
2014-04-04 15:11 - 2013-12-08 22:56 - 00000000 ____D () C:\Users\david_000
2014-04-04 14:56 - 2014-04-04 14:55 - 00337068 _____ () C:\Users\david_000\Desktop\cc_20140404_145535.reg
2014-04-04 14:56 - 2014-03-29 16:26 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 14:54 - 2013-12-29 20:20 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-04 14:54 - 2013-12-08 23:36 - 00000000 ___DC () C:\WINDOWS\Panther
2014-04-04 14:54 - 2013-11-21 18:46 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\DAEMON Tools Lite
2014-04-04 14:54 - 2013-10-08 19:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-04 14:54 - 2013-08-21 00:12 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\uTorrent
2014-04-04 14:54 - 2013-08-15 16:36 - 00000000 ____D () C:\Users\david_000\AppData\Local\CrashDumps
2014-04-04 14:49 - 2014-04-04 14:49 - 00002780 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-04-04 14:49 - 2014-04-04 14:49 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-04 14:49 - 2014-04-04 14:49 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-04 14:48 - 2014-04-04 14:48 - 03710504 _____ (Piriform Ltd) C:\Users\david_000\Downloads\ccsetup412_slim.exe
2014-04-04 14:31 - 2014-04-04 14:31 - 02157056 _____ (Farbar) C:\Users\david_000\Desktop\FRST64.exe
2014-04-04 14:31 - 2014-04-04 14:31 - 00380416 _____ () C:\Users\david_000\Desktop\Gmer-19357.exe
2014-04-04 14:28 - 2014-04-04 14:28 - 00050477 _____ () C:\Users\david_000\Desktop\Defogger.exe
2014-04-04 03:00 - 2013-10-10 18:40 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-04 03:00 - 2013-10-10 18:40 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-03 22:13 - 2014-01-30 00:45 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\Skype
2014-04-03 17:23 - 2014-03-18 00:18 - 00000128 _____ () C:\Users\david_000\.airStream
2014-04-03 17:22 - 2014-03-18 00:21 - 00000635 _____ () C:\Users\david_000\.pri
2014-04-02 23:33 - 2013-10-29 22:08 - 00000000 ____D () C:\Users\david_000\Desktop\D
2014-04-02 19:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-04-01 13:42 - 2013-08-14 09:45 - 00000000 ___RD () C:\Users\david_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-01 13:42 - 2013-08-14 09:45 - 00000000 ___RD () C:\Users\david_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-01 13:40 - 2013-08-14 10:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 13:38 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-04-01 13:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-04-01 13:38 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-03-30 02:58 - 2014-02-15 16:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 16:25 - 2014-03-29 16:25 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\david_000\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-29 16:25 - 2014-03-29 16:25 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-29 16:25 - 2014-03-29 16:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 16:25 - 2014-03-29 16:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 03:14 - 2014-02-06 21:49 - 00000000 ____D () C:\Users\david_000\Documents\VirtualDJ
2014-03-27 15:28 - 2014-03-27 15:27 - 00000000 ____D () C:\Users\david_000\Downloads\Kindzadza_-_Unreleased_Tracks_(6)-2005-AoeL
2014-03-26 21:17 - 2014-03-26 21:17 - 00000000 ____D () C:\Users\david_000\Downloads\Crazy Astronaut - Renegade
2014-03-26 16:03 - 2013-10-06 18:20 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-03-24 23:02 - 2014-03-24 23:02 - 00000222 _____ () C:\Users\david_000\Desktop\No More Room in Hell.url
2014-03-22 04:31 - 2013-08-14 10:53 - 00000000 ____D () C:\ProgramData\Atheros
2014-03-19 20:00 - 2014-03-19 20:00 - 00188984 _____ () C:\Users\david_000\Downloads\138081_2014S.zip
2014-03-19 20:00 - 2014-03-19 20:00 - 00000000 ____D () C:\Users\david_000\Downloads\138081_2014S
2014-03-18 20:41 - 2013-08-14 14:26 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 20:40 - 2013-08-14 14:26 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-18 01:39 - 2014-03-18 00:18 - 00000000 ____D () C:\Users\david_000\Airstream
2014-03-18 00:09 - 2014-03-18 00:00 - 18523648 _____ () C:\Users\david_000\Downloads\airstream-pc.msi
2014-03-17 21:08 - 2014-03-17 21:08 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-17 20:47 - 2014-03-17 20:47 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-03-17 20:47 - 2014-03-17 20:47 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-03-17 20:47 - 2014-03-17 20:47 - 00000000 ____D () C:\ProgramData\Sun
2014-03-17 20:47 - 2014-03-17 20:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-17 20:45 - 2014-03-17 20:45 - 00921000 _____ (Oracle Corporation) C:\Users\david_000\Downloads\jxpiinstall.exe
2014-03-16 19:52 - 2013-08-22 16:44 - 00360960 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-16 19:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 19:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-16 19:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-03-16 19:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-16 19:49 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-15 21:43 - 2014-03-15 21:43 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-03-15 21:36 - 2014-03-15 21:36 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-03-15 21:36 - 2014-03-15 21:36 - 00000000 ____D () C:\Users\david_000\AppData\Roaming\Samsung
2014-03-15 21:36 - 2013-08-14 10:51 - 00000000 ____D () C:\Users\david_000\AppData\Local\Samsung
2014-03-15 21:35 - 2014-03-15 21:35 - 00002022 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2014-03-15 21:35 - 2014-03-15 21:35 - 00002012 _____ () C:\Users\Public\Desktop\Samsung Kies.lnk
2014-03-15 21:35 - 2014-03-15 21:35 - 00000000 ____D () C:\Users\david_000\Documents\samsung
2014-03-15 21:35 - 2012-09-01 13:33 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-03-15 21:34 - 2013-08-14 10:21 - 00000000 ____D () C:\ProgramData\Samsung
2014-03-15 21:34 - 2012-09-01 13:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-15 21:31 - 2014-03-15 21:31 - 00000000 ____D () C:\Users\david_000\AppData\Local\Downloaded Installations
2014-03-15 21:19 - 2014-03-15 21:18 - 75397136 _____ (Samsung Electronics Co., Ltd.) C:\Users\david_000\Downloads\KiesSetup.exe
2014-03-13 18:50 - 2013-08-27 00:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 18:50 - 2013-08-27 00:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 22:28 - 2013-08-14 11:01 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-08 05:25 - 2014-03-08 05:25 - 00000721 _____ () C:\Users\david_000\Documents\SkyDrive - Shortcut.lnk
2014-03-07 16:57 - 2014-03-07 16:54 - 00000000 ____D () C:\Users\david_000\Downloads\The Beatles
2014-03-06 22:12 - 2014-03-06 22:01 - 00000000 ____D () C:\Users\david_000\Downloads\The Millennium Trilogy [Dual Audio]

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\david_000\AppData\Local\Temp\avgnt.exe
C:\Users\david_000\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-13 16:50] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-04-04 17:30

==================== End Of Log ============================
         

06.04.2014, 11:58   #4
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its content here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
