Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Dana (administrator) on LENOVO-D on 22-07-2015 14:06:49
Running from C:\Users\Dana\Downloads
Loaded Profiles: Dana (Available Profiles: Dana)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Spotify Ltd) C:\Users\Dana\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\lenovo\Lenovo Solution Center\LSCNotify.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-04] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891080 2013-10-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216576 2014-03-10] (Realtek Semiconductor Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2014-02-27] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-27] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-27] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-02-24] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-19] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1602078527-2339295992-2746922436-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-02-24] (Samsung)
HKU\S-1-5-21-1602078527-2339295992-2746922436-1001\...\Run: [Amazon Music] => C:\Users\Dana\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-17] ()
HKU\S-1-5-21-1602078527-2339295992-2746922436-1001\...\Run: [Spotify Web Helper] => C:\Users\Dana\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-14] (Spotify Ltd)
HKU\S-1-5-21-1602078527-2339295992-2746922436-1001\...\Run: [Google Update] => C:\Users\Dana\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-03-28] (Google Inc.)
HKU\S-1-5-21-1602078527-2339295992-2746922436-1001\...\Run: [Dropbox Update] => C:\Users\Dana\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
Startup: C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-03]
ShortcutTarget: Dropbox.lnk -> C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dana\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-19] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57800;https=127.0.0.1:57800
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1602078527-2339295992-2746922436-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://lenovo13.msn.com/?pc=LCJB
hxxp://www.lenovo.com
HKU\S-1-5-21-1602078527-2339295992-2746922436-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-19] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-19] (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{09E75A22-3EE0-4CEC-BDCD-5D51898E5AC0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2A6509CE-CD0E-4DC3-A963-53BBA333FDAE}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\r687zc0f.default-1421086628845
FF NewTab: www.google.com
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2013-12-12] (Nitro PDF)
FF Plugin HKU\S-1-5-21-1602078527-2339295992-2746922436-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1602078527-2339295992-2746922436-1001: @talk.google.com/O1DPlugin -> C:\Users\Dana\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1602078527-2339295992-2746922436-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Dana\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1602078527-2339295992-2746922436-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Dana\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Dana\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dana\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-19]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-19]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-19] (AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [95232 2014-03-27] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-09] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-21] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-27] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-12] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2014-09-27] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-19] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-19] (AVAST Software)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [559832 2014-02-26] (Realtek Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9109720 2014-02-27] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-26] (Realtek Semiconductor Corporation )
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-22 14:06 - 2015-07-22 14:07 - 00020726 _____ C:\Users\Dana\Downloads\FRST.txt
2015-07-22 14:06 - 2015-07-22 14:06 - 02135552 _____ (Farbar) C:\Users\Dana\Downloads\FRST64.exe
2015-07-22 14:05 - 2015-07-22 14:05 - 00000470 _____ C:\Users\Dana\Desktop\defogger_disable.log
2015-07-22 14:04 - 2015-07-22 14:04 - 00050477 _____ C:\Users\Dana\Downloads\Defogger.exe
2015-07-22 08:49 - 2015-07-22 14:06 - 00000000 ____D C:\FRST
2015-07-22 08:37 - 2015-07-22 08:37 - 00000000 _____ C:\Users\Dana\defogger_reenable
2015-07-20 09:48 - 2015-07-20 09:49 - 92110026 _____ C:\Users\Dana\Downloads\xvideos.com_410297d19300ebf948c379f87621ed60.mp4
2015-07-19 21:21 - 2015-07-22 08:55 - 00000000 ____D C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thriXXX
2015-07-19 21:21 - 2015-07-19 21:25 - 00000000 ____D C:\Users\Dana\AppData\Roaming\thriXXX
2015-07-19 21:21 - 2015-07-19 21:21 - 00000000 ____D C:\ProgramData\thriXXX
2015-07-19 21:21 - 2015-07-19 21:21 - 00000000 ____D C:\Program Files (x86)\thriXXX
2015-07-19 13:25 - 2015-07-20 10:04 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-19 13:24 - 2015-07-19 13:24 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-19 13:24 - 2015-07-19 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-19 13:24 - 2015-07-19 13:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-19 13:24 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-19 13:24 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-19 13:24 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-19 13:23 - 2015-07-19 13:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Dana\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-19 09:39 - 2015-07-19 09:39 - 00000000 ____D C:\Users\Dana\AppData\Roaming\AVAST Software
2015-07-19 09:37 - 2015-07-19 09:37 - 00001949 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-19 09:37 - 2015-07-19 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-19 09:36 - 2015-07-19 09:36 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-07-19 09:36 - 2015-07-19 09:35 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-07-19 09:36 - 2015-07-19 09:35 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-07-19 09:36 - 2015-07-19 09:35 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-07-19 09:36 - 2015-07-19 09:35 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-07-19 09:36 - 2015-07-19 09:35 - 00150160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-07-19 09:36 - 2015-07-19 09:35 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-07-19 09:36 - 2015-07-19 09:35 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-07-19 09:36 - 2015-07-19 09:35 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-07-19 09:36 - 2015-07-19 09:35 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-07-19 09:35 - 2015-07-19 09:35 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-07-19 09:34 - 2015-07-19 09:34 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-19 09:32 - 2015-07-19 09:32 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-18 08:13 - 2015-06-30 00:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-18 08:13 - 2015-06-29 17:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-18 08:13 - 2015-06-29 17:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-18 08:13 - 2015-06-29 17:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-18 08:13 - 2015-06-29 17:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-18 08:13 - 2015-06-29 17:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-18 08:13 - 2015-06-27 01:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-18 08:13 - 2015-06-27 01:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-16 10:07 - 2015-05-11 18:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-16 10:07 - 2015-05-03 17:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-16 10:07 - 2015-05-03 16:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-16 10:07 - 2015-05-02 01:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-16 10:07 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-16 10:07 - 2015-04-28 15:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-16 10:07 - 2015-04-23 17:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-16 10:07 - 2015-04-23 17:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-15 11:02 - 2015-06-28 07:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 11:02 - 2015-06-28 07:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 11:02 - 2015-06-28 07:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 11:02 - 2015-06-28 07:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 11:02 - 2015-06-27 18:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 11:02 - 2015-06-27 05:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 11:02 - 2015-06-27 05:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 11:02 - 2015-06-27 05:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 11:02 - 2015-06-27 04:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 11:02 - 2015-06-27 04:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 11:02 - 2015-06-27 04:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 11:02 - 2015-06-27 03:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 11:02 - 2015-06-27 03:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 11:02 - 2015-06-25 04:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 11:02 - 2015-06-16 00:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 11:02 - 2015-06-16 00:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 11:02 - 2015-06-15 23:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 11:02 - 2015-06-15 23:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 11:02 - 2015-06-15 22:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 11:02 - 2015-06-15 21:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 11:01 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 11:01 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 11:01 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 11:01 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 11:01 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 11:01 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 11:01 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 11:01 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 11:01 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 11:01 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 11:01 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 11:01 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 11:01 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 11:01 - 2015-07-03 15:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-15 11:01 - 2015-07-03 15:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 11:01 - 2015-07-03 15:50 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-15 11:01 - 2015-07-03 15:50 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-15 11:01 - 2015-07-02 00:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 11:01 - 2015-07-01 23:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 11:01 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 11:01 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 11:01 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 11:01 - 2015-05-30 23:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 11:01 - 2015-05-30 21:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 11:01 - 2015-05-30 21:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 11:00 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 11:00 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 10:59 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 10:59 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 10:59 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 10:59 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 10:59 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 10:59 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 10:59 - 2015-06-16 00:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 10:59 - 2015-06-16 00:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 10:59 - 2015-06-16 00:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 10:59 - 2015-06-16 00:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 10:59 - 2015-06-16 00:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 10:59 - 2015-06-15 23:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 10:59 - 2015-06-15 23:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 10:59 - 2015-06-15 23:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 10:59 - 2015-06-15 23:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 10:59 - 2015-06-15 23:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 10:59 - 2015-06-15 23:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 10:59 - 2015-06-15 23:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 10:59 - 2015-06-15 23:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 10:59 - 2015-06-15 23:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 10:59 - 2015-06-15 23:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 10:59 - 2015-06-15 23:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 10:59 - 2015-06-15 23:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 10:59 - 2015-06-15 23:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 10:59 - 2015-06-15 23:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 10:59 - 2015-06-15 22:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 10:59 - 2015-06-15 22:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 10:59 - 2015-06-15 22:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 10:59 - 2015-06-15 22:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 10:59 - 2015-06-15 22:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 10:59 - 2015-06-15 22:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 10:59 - 2015-06-15 22:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 10:59 - 2015-06-15 22:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 10:59 - 2015-06-15 22:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 10:59 - 2015-06-15 22:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 10:59 - 2015-06-15 22:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 10:59 - 2015-06-15 22:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 10:59 - 2015-06-15 22:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 10:59 - 2015-06-15 22:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 10:58 - 2015-06-16 07:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 10:58 - 2015-06-16 07:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 10:58 - 2015-06-11 05:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 10:58 - 2015-06-10 18:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 10:58 - 2015-05-07 18:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-14 19:42 - 2015-07-14 19:42 - 00558328 _____ (Safer-Networking Ltd. ) C:\Users\Dana\Downloads\spybot2-license.exe
2015-07-09 17:20 - 2015-07-09 17:20 - 00000000 ____D C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-07 16:04 - 2015-07-07 20:40 - 00012465 _____ C:\Users\Dana\Documents\Fragen Paket.de.odt
2015-07-07 12:21 - 2015-07-09 12:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-27 06:49 - 2015-06-27 06:50 - 89039562 _____ C:\Users\Dana\Downloads\Welcome.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-22 14:02 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-22 13:52 - 2015-01-14 13:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-22 13:44 - 2014-09-27 06:08 - 01269947 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-22 13:43 - 2013-08-22 16:46 - 00083219 _____ C:\WINDOWS\setupact.log
2015-07-22 13:36 - 2015-01-03 20:31 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1602078527-2339295992-2746922436-1001
2015-07-22 13:33 - 2015-05-03 10:30 - 00000000 ___RD C:\Users\Dana\Dropbox
2015-07-22 13:33 - 2015-05-03 10:27 - 00000000 ____D C:\Users\Dana\AppData\Roaming\Dropbox
2015-07-22 13:32 - 2015-03-28 17:15 - 00001134 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1602078527-2339295992-2746922436-1001UA.job
2015-07-22 13:31 - 2015-01-03 20:24 - 00723228 _____ C:\Users\Dana\AppData\Local\BTServer.log
2015-07-22 09:07 - 2014-09-27 06:44 - 04047792 _____ C:\Users\Public\CAFADEBUG.log
2015-07-22 08:37 - 2015-01-03 20:23 - 00000000 ____D C:\Users\Dana
2015-07-22 08:25 - 2015-01-03 21:59 - 00003926 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{91E03A35-91AC-4E7C-8AC3-167C4C714877}
2015-07-22 08:24 - 2015-06-16 08:13 - 00001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1602078527-2339295992-2746922436-1001UA.job
2015-07-21 11:06 - 2013-08-22 17:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-19 20:50 - 2015-03-06 14:09 - 00000000 ____D C:\Users\Dana\AppData\Roaming\Nitro PDF
2015-07-19 16:18 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-19 14:41 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-19 14:37 - 2015-01-13 22:37 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-19 14:37 - 2015-01-13 22:37 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-19 14:36 - 2015-01-12 23:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-19 09:40 - 2015-01-12 19:16 - 00000000 ____D C:\ProgramData\Avira
2015-07-19 09:40 - 2014-09-27 06:48 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-19 09:39 - 2015-01-03 20:25 - 00000000 ____D C:\Users\Dana\AppData\Local\VirtualStore
2015-07-19 09:23 - 2015-06-16 08:13 - 00001186 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1602078527-2339295992-2746922436-1001Core.job
2015-07-19 09:22 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-19 09:21 - 2014-09-27 07:34 - 00006656 _____ C:\WINDOWS\system32\VfService.trf
2015-07-19 09:21 - 2014-03-18 11:44 - 00461220 _____ C:\WINDOWS\PFRO.log
2015-07-19 09:18 - 2015-06-16 08:13 - 00004182 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1602078527-2339295992-2746922436-1001UA
2015-07-19 09:18 - 2015-06-16 08:13 - 00003802 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1602078527-2339295992-2746922436-1001Core
2015-07-19 08:50 - 2015-04-04 19:32 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-19 08:50 - 2015-04-04 19:32 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-19 08:50 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-18 22:58 - 2015-01-12 13:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-07-16 07:32 - 2015-03-28 17:15 - 00001082 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1602078527-2339295992-2746922436-1001Core.job
2015-07-16 07:27 - 2015-03-28 17:15 - 00004078 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1602078527-2339295992-2746922436-1001UA
2015-07-16 07:27 - 2015-03-28 17:15 - 00003698 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1602078527-2339295992-2746922436-1001Core
2015-07-16 07:19 - 2013-08-22 16:44 - 00377296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-15 23:04 - 2015-02-23 17:47 - 00000000 ____D C:\Users\Dana\AppData\Roaming\Spotify
2015-07-15 22:45 - 2015-02-23 17:48 - 00000000 ____D C:\Users\Dana\AppData\Local\Spotify
2015-07-14 20:47 - 2015-01-03 20:29 - 00000000 ____D C:\Users\Dana\AppData\Local\Adobe
2015-07-14 20:45 - 2015-01-14 13:22 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 19:44 - 2015-01-12 13:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-13 23:10 - 2015-01-14 12:55 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 23:10 - 2015-01-14 12:55 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-10 16:10 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-07-09 18:10 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-07-09 13:54 - 2015-02-04 09:58 - 00000000 __SHD C:\Users\Dana\AppData\Local\EmieBrowserModeList
2015-07-09 13:54 - 2015-01-12 13:03 - 00000000 __SHD C:\Users\Dana\AppData\Local\EmieUserList
2015-07-09 13:54 - 2015-01-12 13:03 - 00000000 __SHD C:\Users\Dana\AppData\Local\EmieSiteList
2015-07-09 12:41 - 2015-01-12 13:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-09 12:40 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-09 12:38 - 2015-01-12 19:55 - 00000000 ____D C:\AdwCleaner
2015-07-07 13:20 - 2015-01-16 15:50 - 00001142 _____ C:\Users\Dana\Desktop\Amazon Music.lnk
2015-07-03 08:43 - 2015-01-12 23:18 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2015-01-03 20:24 - 2015-07-22 13:31 - 0723228 _____ () C:\Users\Dana\AppData\Local\BTServer.log
2014-09-27 06:44 - 2014-09-27 06:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Dana\AppData\Local\Temp\avgnt.exe
C:\Users\Dana\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp27hanx.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-20 14:35
==================== End of log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-22 14:28:50
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c ST500LT012-1DG142 rev.0002LVM1 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Dana\AppData\Local\Temp\fxldapog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000235600 15 bytes [00, 96, F2, 01, 00, 6A, 6C, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000235610 11 bytes [00, D7, FB, FF, 00, 7B, D1, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\system32\wininit.exe[516] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\system32\lsass.exe[640] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\WINDOWS\system32\lsass.exe[640] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\WINDOWS\system32\lsass.exe[640] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\WINDOWS\system32\lsass.exe[640] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 2F]
.text C:\WINDOWS\system32\svchost.exe[712] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\WINDOWS\system32\svchost.exe[712] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\WINDOWS\system32\svchost.exe[712] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\WINDOWS\system32\svchost.exe[712] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\system32\svchost.exe[712] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\System32\svchost.exe[868] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\system32\svchost.exe[896] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x1c5c390]}
.text C:\WINDOWS\system32\svchost.exe[896] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x1c1b580]}
.text C:\WINDOWS\system32\svchost.exe[896] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x1c38500]}
.text C:\WINDOWS\system32\svchost.exe[896] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 2F]
.text C:\WINDOWS\system32\svchost.exe[896] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\System32\svchost.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x1c5c390]}
.text C:\WINDOWS\System32\svchost.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x1c1b580]}
.text C:\WINDOWS\System32\svchost.exe[308] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x1c38500]}
.text C:\WINDOWS\System32\svchost.exe[308] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 2F]
.text C:\WINDOWS\System32\svchost.exe[308] C:\WINDOWS\SYSTEM32\advapi32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\system32\svchost.exe[644] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 2F]
.text C:\WINDOWS\system32\svchost.exe[1188] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x55c390]}
.text C:\WINDOWS\system32\svchost.exe[1188] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x51b580]}
.text C:\WINDOWS\system32\svchost.exe[1188] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x538500]}
.text C:\WINDOWS\system32\svchost.exe[1188] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\system32\svchost.exe[1188] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\System32\svchost.exe[1452] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 2F]
.text C:\WINDOWS\System32\svchost.exe[1452] C:\WINDOWS\SYSTEM32\advapi32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[1752] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x55c390]}
.text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[1752] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x51b580]}
.text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[1752] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x538500]}
.text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[1752] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe[1752] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Windows\System32\WUDFHost.exe[2624] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x55c390]}
.text C:\Windows\System32\WUDFHost.exe[2624] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x51b580]}
.text C:\Windows\System32\WUDFHost.exe[2624] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x538500]}
.text C:\Windows\System32\WUDFHost.exe[2624] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Windows\System32\WUDFHost.exe[2624] C:\WINDOWS\SYSTEM32\advapi32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4552] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4552] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[4552] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\system32\taskhost.exe[166576] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\WINDOWS\system32\taskhost.exe[166576] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\WINDOWS\system32\taskhost.exe[166576] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\WINDOWS\system32\taskhost.exe[166576] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\system32\taskhost.exe[166576] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\System32\dwm.exe[181980] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\WINDOWS\System32\dwm.exe[181980] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\WINDOWS\System32\dwm.exe[181980] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\WINDOWS\System32\dwm.exe[181980] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\System32\dwm.exe[181980] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Program Files\Elantech\ETDCtrl.exe[179808] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x1dbc390]}
.text C:\Program Files\Elantech\ETDCtrl.exe[179808] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x1d7b580]}
.text C:\Program Files\Elantech\ETDCtrl.exe[179808] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x1d98500]}
.text C:\Program Files\Elantech\ETDCtrl.exe[179808] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Program Files\Elantech\ETDCtrl.exe[179808] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\Explorer.EXE[181288] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\WINDOWS\Explorer.EXE[181288] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\WINDOWS\Explorer.EXE[181288] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\WINDOWS\Explorer.EXE[181288] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\Explorer.EXE[181288] C:\WINDOWS\SYSTEM32\advapi32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes JMP ff513237
.text C:\WINDOWS\system32\taskhostex.exe[181016] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\WINDOWS\system32\taskhostex.exe[181016] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\WINDOWS\system32\taskhostex.exe[181016] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\WINDOWS\system32\taskhostex.exe[181016] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\system32\taskhostex.exe[181016] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\system32\DllHost.exe[175792] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\WINDOWS\system32\DllHost.exe[175792] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\WINDOWS\system32\DllHost.exe[175792] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\WINDOWS\system32\DllHost.exe[175792] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\system32\DllHost.exe[175792] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[175492] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x55c390]}
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[175492] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x51b580]}
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[175492] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x538500]}
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[175492] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[175492] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Program Files\Elantech\ETDIntelligent.exe[126588] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x55c390]}
.text C:\Program Files\Elantech\ETDIntelligent.exe[126588] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x51b580]}
.text C:\Program Files\Elantech\ETDIntelligent.exe[126588] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x538500]}
.text C:\Program Files\Elantech\ETDIntelligent.exe[126588] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Program Files\Elantech\ETDIntelligent.exe[126588] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[177292] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x1dbc390]}
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[177292] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x1d7b580]}
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[177292] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x1d98500]}
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[177292] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe[177292] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Windows\System32\igfxtray.exe[180892] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x55c390]}
.text C:\Windows\System32\igfxtray.exe[180892] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x51b580]}
.text C:\Windows\System32\igfxtray.exe[180892] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x538500]}
.text C:\Windows\System32\igfxtray.exe[180892] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Windows\System32\igfxtray.exe[180892] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\system32\igfxsrvc.exe[180540] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes JMP 43edf620
.text C:\WINDOWS\system32\igfxsrvc.exe[180540] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x51b580]}
.text C:\WINDOWS\system32\igfxsrvc.exe[180540] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x538500]}
.text C:\WINDOWS\system32\igfxsrvc.exe[180540] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\system32\igfxsrvc.exe[180540] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Windows\System32\hkcmd.exe[180564] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x55c390]}
.text C:\Windows\System32\hkcmd.exe[180564] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x51b580]}
.text C:\Windows\System32\hkcmd.exe[180564] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x538500]}
.text C:\Windows\System32\hkcmd.exe[180564] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Windows\System32\hkcmd.exe[180564] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Windows\System32\igfxpers.exe[139512] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes JMP 43edf620
.text C:\Windows\System32\igfxpers.exe[139512] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x51b580]}
.text C:\Windows\System32\igfxpers.exe[139512] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x538500]}
.text C:\Windows\System32\igfxpers.exe[139512] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Windows\System32\igfxpers.exe[139512] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[175600] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x73c390]}
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[175600] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x6fb580]}
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[175600] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x718500]}
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[175600] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes CALL fb1
.text C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe[175600] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[172656] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[172656] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[172656] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[172656] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Program Files\CONEXANT\ForteConfig\fmapp.exe[172656] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Windows\RTFTrack.exe[139664] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x1dbc390]}
.text C:\Windows\RTFTrack.exe[139664] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x1d7b580]}
.text C:\Windows\RTFTrack.exe[139664] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x1d98500]}
.text C:\Windows\RTFTrack.exe[139664] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Windows\RTFTrack.exe[139664] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[173112] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x1dbc390]}
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[173112] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x1d7b580]}
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[173112] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x1d98500]}
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[173112] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe[173112] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[172664] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x55c390]}
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[172664] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x51b580]}
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[172664] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x538500]}
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[172664] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe[172664] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[182812] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessAsUserW 00007ffc22e83ca0 6 bytes {JMP QWORD [RIP+0x19c390]}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[182812] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessA 00007ffc22e84ab0 6 bytes {JMP QWORD [RIP+0x15b580]}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[182812] C:\WINDOWS\system32\KERNEL32.DLL!CreateProcessW 00007ffc22e87b30 6 bytes {JMP QWORD [RIP+0x178500]}
.text C:\WINDOWS\system32\wbem\unsecapp.exe[182812] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW + 198 00007ffc22618e46 3 bytes [C4, 71, 11]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[182812] C:\WINDOWS\system32\ADVAPI32.dll!CreateProcessWithLogonW 00007ffc24cbef80 6 bytes {JMP QWORD [RIP+0x710b0]}
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\WUDFHost.exe [2624:174100] 00007ffc10a630d0
Thread C:\WINDOWS\system32\csrss.exe [180804:173744] fffff960008132d0
---- Processes - GMER 2.1 ----
Process C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (FILE NOT FOUND) 0000000000400000
Library c:\users\dana\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp27hanx.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136](2015-07-22 11:32:41) 0000000005440000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:24) 000000006c990000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (ICU I18N DLL/The ICU Project)(2015-03-04 21:45:30) 000000004a900000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (ICU Common DLL/The ICU Project)(2015-03-04 21:45:30) 0000000005f50000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (ICU Data DLL/The ICU Project)(2015-03-04 21:45:30) 000000004ad00000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 000000006c570000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006ab50000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136](2015-03-04 21:45:30) 000000006dc30000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006a790000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 0000000064990000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006a570000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006a310000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 00000000727b0000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136](2015-03-04 21:45:30) 0000000073670000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:28) 00000000702d0000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006e9e0000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-03-04 21:45:26) 000000006ddc0000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136](2015-03-04 21:45:30) 000000006d200000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136](2015-03-04 21:45:30) 000000006e750000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136](2015-03-04 21:45:30) 0000000072f00000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136](2015-03-04 21:45:30) 000000006e820000
Library C:\Users\Dana\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll (*** suspicious ***) @ C:\Users\Dana\AppData\Roaming\Dropbox\bin\Dropbox.exe [139136](2015-03-04 21:45:30) 0000000072df0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----