Jump to content

globedrifter

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Could not find a virus, but here the rtequested log files: Malwarebytes Anti-Rootkit BETA 1.07.0.1012 www.malwarebytes.org Database version: v2014.10.26.01 Windows 8.1 x64 NTFS Internet Explorer 11.0.9600.17105 admin :: HELIOS [administrator] 2014-10-25 8:18:38 PM mbar-log-2014-10-25 (20-18-38).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 368184 Time elapsed: 12 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) And here the system log: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1012 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17105 File system is: NTFS Disk drives: A:\ DRIVE_FIXED, C:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 8516689920, free: 6573805568 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1012 © Malwarebytes Corporation 2011-2012 OS version: 6.3.9200 Windows 8.1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17105 File system is: NTFS Disk drives: A:\ DRIVE_FIXED, C:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 2.394000 GHz Memory total: 8516689920, free: 6589341696 Initializing... ====================== Could not initialize database Downloaded database version: v2014.10.26.01 Canceled update Downloaded database version: v2014.10.26.01 Downloaded database version: v2014.10.22.01 Initializing... ======================================= Done! Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 3879746A GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 2451164161 GPT Header CurrentLba = 1 BackupLba 1953525167 GPT Header FirstUsableLba 34 LastUsableLba 1953525134 GPT Header Guid 383ca5d5-1efc-4744-a36b-c98b1b19b362 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 2451164161 Backup GPT header CurrentLba = 1953525167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134 Backup GPT header Guid 383ca5d5-1efc-4744-a36b-c98b1b19b362 Backup GPT header Contains 128 partition entries starting at LBA 1953525135 Backup GPT header Partition entry size = 128 Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 5d2c5546-c32b-43c0-8cd8-f73c5fbfdbd7 FirstLBA 2048 Last LBA 1333247 Attributes 1 Partition Name Basic data partition Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID d1ae61a4-b122-4b9d-a44c-f86290d8e387 FirstLBA 1333248 Last LBA 1865727 Attributes 0 Partition Name EFI system partition GPT Partition 1 is bootable Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 9e0efc09-8531-42d3-a86f-299e8ec367da FirstLBA 1865728 Last LBA 2127871 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 3e405be2-9d9e-4ae8-adf0-3cf96aef322c FirstLBA 2127872 Last LBA 885909503 Attributes 0 Partition Name Basic data partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 8474eb32-b97-4dec-84a0-42f7f6f88bef FirstLBA 885909504 Last LBA 1909905407 Attributes 0 Partition Name Basic data partition Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID f6cb00ef-9e5b-43ff-a0da-1dd116d69972 FirstLBA 1909907456 Last LBA 1953513471 Attributes 1 Partition Name Basic data partition Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished
  2. OK, here it is: Farbar Recovery Scan Tool (x64) Version: 23-10-2014 Ran by admin at 2014-10-24 18:41:36 Running from C:\Users\admin\Desktop\VIRUSFOLDER Boot Mode: Normal ================== Search Files: "alert.exe;alert*" ============= C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.9600.16384_none_9da90240751f2083\alert_lrg.gif [2013-08-21 16:36][2013-06-18 05:28] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed] C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.3.9600.16384_none_c9cc80e8dd21050c\alert_lrg.gif [2014-04-02 02:50][2014-03-18 03:59] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed] C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.9600.16384_none_55fbcb6960a2f77d\alert_lrg.gif [2013-08-21 23:41][2013-06-18 07:46] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed] C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.9600.16384_none_55fbcb6960a2f77d\alert_sml.gif [2013-08-21 23:41][2013-06-18 07:46] 0000049 ____A () 2FB408FA4E066829075E6DFB2619464F [File is signed] C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.3.9600.16384_none_821f4a11c8a4dc06\alert_lrg.gif [2014-04-02 02:50][2014-03-18 03:59] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed] C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.3.9600.16384_none_821f4a11c8a4dc06\alert_sml.gif [2014-04-02 02:50][2014-03-18 03:59] 0000049 ____A () 2FB408FA4E066829075E6DFB2619464F [File is signed] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif [2013-08-22 08:36][2013-08-22 08:34] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_sml.gif [2013-08-22 08:36][2013-08-22 08:34] 0000049 ____A () 2FB408FA4E066829075E6DFB2619464F [File is signed] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif [2014-04-02 02:50][2014-04-02 02:50] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif [2014-04-02 02:50][2014-04-02 02:50] 0000049 ____A () 2FB408FA4E066829075E6DFB2619464F [File is signed] C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif [2013-08-22 08:36][2013-08-22 08:34] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed] C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif [2014-04-02 02:50][2014-04-02 02:50] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed] C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\POT94FGU\alertset_warning[1].png [2014-10-04 15:49][2014-10-04 15:49] 0000332 ____A () 85C7B4FFD6B4E6C96AAC14CD6E2535A2 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_BatteryReplace.xml [2014-10-05 15:06][2011-06-14 15:04] 0006127 ____A () 5F6D786FCE5A5C672F09DB57CDF32347 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_BatteryReplace_Warranty.xml [2014-10-05 15:06][2011-06-14 15:04] 0005888 ____A () B53B826A75234319194EE2128DB53F2A C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_GuestEnabled.xml [2014-10-05 15:06][2014-02-12 17:00] 0001976 ____A () F0A50BA32FDF40C4BFB4684E4E2E698A C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_HPHotFixScan.xml [2014-10-05 15:06][2011-06-14 15:04] 0002615 ____A () B271D7C547D19831FD6A08774BE0313D C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_LowDiskSpaceC.xml [2014-10-05 15:06][2013-10-25 17:26] 0006667 ____A () 278DDB3D5CE96214050B00ACDF9C43C4 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_LowDiskSpaceC_US.xml [2014-10-05 15:06][2013-02-05 14:00] 0008073 ____A () 68A43DA484206C61E1A180D2A8850134 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_OrderBattery.xml [2014-10-05 15:06][2011-10-27 23:29] 0002791 ____A () AB1414411EDD24B676E9C75CDCF31ADA C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_SandyBridgeNB.xml [2014-10-05 15:06][2011-06-14 15:04] 0001751 ____A () EB679A587A37CBAB62CDC269FAF4DAB5 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_styles.css [2014-10-05 15:06][2012-07-02 20:11] 0000518 ____A () 0CE567DD6DCACC6115358CE8F2E6593C C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\scripts\AlertErrorHandler.js [2014-02-24 11:54][2014-02-24 11:54] 0000131 ____A () 094E8AE6DEFC9E3AFC16F6AC1613CDAC C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\scripts\loggers\AlertLogger.js [2014-02-24 11:54][2014-02-24 11:54] 0000341 ____A () 940AA5E5EF7CFE6F7D2FC70E725268CD C:\Program Files (x86)\Avira\My Avira\pages\notification\images\alert.png [2014-09-23 14:44][2014-09-23 14:44] 0000918 ____A () 889CD01725FE90E375D2B7EBA31917AA C:\Program Files (x86)\Avira\AntiVir Desktop\alertcat.htm [2014-10-19 20:57][2014-09-24 12:44] 0003321 ____A () 8727DA629C0CA9FFD80E2584CF2C640F C:\Program Files (x86)\Avira\AntiVir Desktop\alerttyp.htm [2014-10-19 20:57][2014-09-24 12:44] 0002952 ____A () 08CBD9C6418CCC1E5641E9733F576160 C:\Program Files (x86)\Avira\AntiVir Desktop\alertvir.htm [2014-10-19 20:57][2014-09-24 12:44] 0002980 ____A () F440176E30E30F939C5C4620A10B6C22 C:\Program Files (x86)\Avira\AntiVir Desktop\alert_level.gif [2014-10-19 20:57][2014-09-24 12:44] 0018648 ____A () 1814AA4312B79F74888B0CB7E6A3A620 ====== End Of Search ======
  3. And here the Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014 Ran by admin at 2014-10-23 16:07:46 Running from C:\Users\admin\Desktop\VIRUSFOLDER Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.) Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.223.215.5 - Broadcom Corporation) Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9810 - Broadcom Corporation) CIB pdf brewer (HKLM\...\{E9E6A9B7-89B7-41D3-90A1-710E82427097}) (Version: 2.6.0034 - CIB software GmbH) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.6.3728 - CyberLink Corp.) Hidden Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.) Cyberlink PhotoDirector (x32 Version: 3.0.4.4824 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.6.3821 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3604 - CyberLink Corp.) CyberLink PowerDirector 10 (x32 Version: 10.0.6.3604 - CyberLink Corp.) Hidden CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.) CyberLink PowerDVD 12 (x32 Version: 12.0.4.4223 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.) CyberLink YouCam (x32 Version: 5.0.3.3907 - CyberLink Corp.) Hidden DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company) Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG) FTP Voyager 11.2 (HKLM-x32\...\FTP Voyager_is1) (Version: - RhinoSoft.com) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard) HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden HP Recovery Manager (x32 Version: 1.16.1420 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard) HP SimplePass (Version: 8.01.11 - Hewlett-Packard) Hidden HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation) Intel® Rapid Storage Technology (Version: 12.8.9.1000 - Intel Corporation) Hidden Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG) MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{455E207E-5625-4D07-A420-CAF153BEC7E9}) (Version: 4.3.2.0 - MAGIX AG) MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden MAGIX Music Maker Soundtrack Edition (Demosongs) (HKLM-x32\...\MAGIX_{7008FDC2-9B1A-4398-BE02-5365B578471A}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Music Maker Soundtrack Edition (Demosongs) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Maker Soundtrack Edition (HKLM-x32\...\MAGIX_{13608872-D05A-43C8-A9A3-F565B504DD61}) (Version: 19.0.3.46 - MAGIX AG) MAGIX Music Maker Soundtrack Edition (Synthesizer und Effekte) (HKLM-x32\...\MAGIX_{0DE9B74C-4FF3-4AFF-8026-58CE0DA157EF}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Music Maker Soundtrack Edition (Synthesizer und Effekte) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Music Maker Soundtrack Edition (Version: 19.0.3.46 - MAGIX AG) Hidden MAGIX Music Maker Soundtrack Edition Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{8B8BF55D-6561-4911-A7C1-33D90F3FB989}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden MAGIX Video Pro X6 (Designelemente) (HKLM\...\MX.{B819C28D-D7A1-4A73-B97D-BCEC5616BB4A}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video Pro X6 (Designelemente) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video Pro X6 (Filmvorlagen) (HKLM\...\MX.{3FB5F487-B8A5-46E4-872D-2CDA114466F4}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video Pro X6 (Filmvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video Pro X6 (HKLM\...\MX.{CBC84EDA-E830-4240-9392-325C3E6D5DCA}) (Version: 13.0.4.2 - MAGIX Software GmbH) MAGIX Video Pro X6 (Individuelle Menüvorlagen) (HKLM\...\MX.{46014C2A-4768-4171-9FDE-9DF30836D387}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video Pro X6 (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video Pro X6 (Menüvorlagen) (HKLM\...\MX.{C631DC28-575A-422B-AA9C-829834486F38}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video Pro X6 (Menüvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video Pro X6 (proDAD Mercalli V2) (HKLM\...\MX.{A90FD7D9-5A48-4350-BA1C-E39390D158B7}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video Pro X6 (proDAD Mercalli V2) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video Pro X6 (Soundtrack Maker-Stile) (HKLM\...\MX.{55A35129-47E9-4E81-9B98-775D631794AC}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video Pro X6 (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video Pro X6 (Titeleffekte) (HKLM\...\MX.{4D0530E3-9918-4264-8108-B3B7E8F7B910}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video Pro X6 (Titeleffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video Pro X6 (Überblendeffekte) (HKLM\...\MX.{56DE2115-3FF0-42CD-91A1-9BA4C9C7B8CA}) (Version: 1.0.0.0 - MAGIX AG) MAGIX Video Pro X6 (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden MAGIX Video Pro X6 (Version: 13.0.4.2 - MAGIX Software GmbH) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) proDAD Heroglyph 4.0 (64bit) (HKLM\...\proDAD-Heroglyph-4.0) (Version: 4.0.225.1 - proDAD GmbH) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.) RoboForm 7-9-10-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems) Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.5.2 - Synaptics Incorporated) TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.2 - Helios) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) Tiger-Basic 5.4 (HKLM-x32\...\{013EDBA6-4A8F-4312-AAB6-899E18CC727D}) (Version: 5.4 - Wilke Technology) Virtuosa (HKLM-x32\...\{38749CB9-FFC0-402E-8F95-519BDFE3784C}) (Version: - ) Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4027528453-55454652-140910116-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-4027528453-55454652-140910116-1001_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 5\System\shellext64.dll (Helios Software Solutions) ==================== Restore Points ========================= 17-10-2014 01:56:30 Language Pack Removal 20-10-2014 03:33:19 HPSF Applying updates 20-10-2014 15:18:38 After 3 Virus Scans 22-10-2014 18:42:56 Installed PL-2303 USB-to-Serial ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {21199D4C-F9E7-4A63-8AFD-C469861365D8} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation) Task: {35AE8B4D-BB31-4510-B4CA-9CFC006CA44D} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3BBAE78D-47D3-45A9-B808-AE983E04D144} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard) Task: {45CA5759-8347-4587-9D16-D3548417514B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {4A371C66-B995-4688-9077-6271C0944117} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6D2DBD32-1CA9-4346-B91A-DA00590EFC97} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {745B5281-77F7-4B30-A73D-39535AAA94A5} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\admin\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-10-02] () Task: {75C81151-868D-4A6A-9C1A-F198F9150FE0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-10-04] (Siber Systems) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9120AA4C-7769-4C05-8D6B-0067E8CBFE63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company) Task: {98292BAF-42C3-4FC1-9056-7EB1EE3B3C57} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {B581F837-7EA6-4C2F-856F-003690D563C7} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe Task: {B64C53FD-77F1-4C5D-A1C0-FEA08F270A45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: {CBDA51B5-18F3-4C3F-BBAD-09E7E42FDD0E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {CC3E1CC1-ED6C-46D1-8440-8D8D9366178C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMJMNMNJJMKMMJNMNJCNOMMJLMJJCNLMMJIMJMCNGMIMLMLJCNOJLMOMLMIMMMMMGMPMKMNMLJJNJICMIMCNGMCNOMPMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMLMFMOMNMKJPMOMFMPMJNHICMOMNMKJPMOMJNBJCMOJLJCJGJBJJNKJCMJNNICMJNDJCMLJKJJNMJCMIMFMMMOMOMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ" Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D352DA66-6B83-46D8-9915-8E7B856C5978} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {D5C4B467-1043-4A53-BAB6-B71D4330F478} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation) Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {D9E9CAEA-5E4F-478E-A29F-82F67C4C95BF} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.) Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\Windows\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll 2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll 2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll 2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll 2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll 2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll 2013-12-04 08:44 - 2013-12-04 08:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe 2013-12-04 08:44 - 2013-12-04 08:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll 2013-12-04 08:44 - 2013-12-04 08:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll 2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe 2014-06-17 06:36 - 2013-12-10 08:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2014-10-04 11:34 - 2003-09-09 06:59 - 00049221 ____R () A:\MAIL\Parcus.CA\EuLang.dll 2014-10-04 11:34 - 2003-09-09 07:00 - 00049152 ____R () A:\MAIL\Parcus.CA\xmlparse.dll 2014-10-04 11:34 - 2003-09-09 07:00 - 00061532 ____R () A:\MAIL\Parcus.CA\plstclnt.dll 2014-10-04 11:34 - 2003-09-09 07:00 - 00073728 ____R () A:\MAIL\Parcus.CA\xmltok.dll 2014-10-04 11:35 - 2003-09-09 07:00 - 00011264 ____R () A:\MAIL\Parcus.CA\Plugins\Unwrap32.dll 2014-10-04 15:58 - 2014-09-23 22:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "QuickTime Task" ========================= Accounts: ========================== admin (S-1-5-21-4027528453-55454652-140910116-1001 - Administrator - Enabled) => C:\Users\admin Administrator (S-1-5-21-4027528453-55454652-140910116-500 - Administrator - Disabled) Guest (S-1-5-21-4027528453-55454652-140910116-501 - Limited - Disabled) Work (S-1-5-21-4027528453-55454652-140910116-1002 - Limited - Enabled) => C:\Users\Work ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/22/2014 00:27:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mmc.exe, version: 6.3.9600.16384, time stamp: 0x5215ef8f Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af Exception code: 0xc0000374 Fault offset: 0x00000000000f8c9c Faulting process id: 0xf14 Faulting application start time: 0xmmc.exe0 Faulting application path: mmc.exe1 Faulting module path: mmc.exe2 Report Id: mmc.exe3 Faulting package full name: mmc.exe4 Faulting package-relative application ID: mmc.exe5 Error: (10/12/2014 03:13:42 AM) (Source: Perflib) (EventID: 1017) (User: ) Description: Outlook Error: (10/12/2014 03:13:42 AM) (Source: Perflib) (EventID: 1021) (User: ) Description: Outlook8 Error: (10/12/2014 03:13:38 AM) (Source: Perflib) (EventID: 1017) (User: ) Description: ASP.NET_2.0.50727 Error: (10/12/2014 03:13:38 AM) (Source: Perflib) (EventID: 1021) (User: ) Description: ASP.NET_2.0.507278 Error: (10/10/2014 01:35:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Helios) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/10/2014 00:00:00 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost (1460) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU00039.log. Error: (10/10/2014 11:06:16 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY) Description: The keyfile contains no valid license. The service will be stopped! Error: (10/10/2014 10:40:03 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY) Description: The keyfile contains no valid license. The service will be stopped! Error: (10/10/2014 10:27:12 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY) Description: The keyfile contains no valid license. The service will be stopped! System errors: ============= Error: (10/23/2014 08:19:25 AM) (Source: DCOM) (EventID: 10010) (User: Helios) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (10/22/2014 04:05:26 AM) (Source: DCOM) (EventID: 10010) (User: Helios) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (10/22/2014 04:04:56 AM) (Source: DCOM) (EventID: 10010) (User: Helios) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (10/21/2014 08:53:43 AM) (Source: DCOM) (EventID: 10010) (User: Helios) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (10/21/2014 08:53:13 AM) (Source: DCOM) (EventID: 10010) (User: Helios) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (10/20/2014 07:57:00 AM) (Source: DCOM) (EventID: 10010) (User: Helios) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (10/20/2014 02:42:00 AM) (Source: DCOM) (EventID: 10010) (User: Helios) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (10/20/2014 02:41:30 AM) (Source: DCOM) (EventID: 10010) (User: Helios) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (10/19/2014 05:42:20 PM) (Source: DCOM) (EventID: 10010) (User: Helios) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (10/19/2014 05:41:50 PM) (Source: DCOM) (EventID: 10010) (User: Helios) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office Sessions: ========================= Error: (10/22/2014 00:27:04 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: mmc.exe6.3.9600.163845215ef8fntdll.dll6.3.9600.17031530895afc000037400000000000f8c9cf1401cfee2e0463e09bC:\Windows\system32\mmc.exeC:\Windows\SYSTEM32\ntdll.dll672191ba-5a21-11e4-8267-142d27d89946 Error: (10/12/2014 03:13:42 AM) (Source: Perflib) (EventID: 1017) (User: ) Description: Outlook Error: (10/12/2014 03:13:42 AM) (Source: Perflib) (EventID: 1021) (User: ) Description: Outlook8 Error: (10/12/2014 03:13:38 AM) (Source: Perflib) (EventID: 1017) (User: ) Description: ASP.NET_2.0.50727 Error: (10/12/2014 03:13:38 AM) (Source: Perflib) (EventID: 1021) (User: ) Description: ASP.NET_2.0.507278 Error: (10/10/2014 01:35:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Helios) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284 Error: (10/10/2014 00:00:00 PM) (Source: ESENT) (EventID: 455) (User: ) Description: svchost1460SRUJet: C:\Windows\system32\SRU\SRU00039.log-1811 (0xfffff8ed) Error: (10/10/2014 11:06:16 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY) Description: 0x0 Error: (10/10/2014 10:40:03 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY) Description: 0x0 Error: (10/10/2014 10:27:12 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY) Description: 0x0 ==================== Memory info =========================== Processor: Intel® Core i5-4210U CPU @ 1.70GHz Percentage of memory in use: 20% Total physical RAM: 8122.15 MB Available physical RAM: 6469.41 MB Total Pagefile: 9402.15 MB Available Pagefile: 7313.67 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive a: (LOCAL-DATA) (Fixed) (Total:488.28 GB) (Free:471.29 GB) NTFS Drive c: (Windows) (Fixed) (Total:421.42 GB) (Free:371.46 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:20.79 GB) (Free:2.09 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 3879746A) Partition: GPT Partition Type. ==================== End Of Log ============================
  4. Ok, thank you. Here is the first.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014 Ran by admin (administrator) on HELIOS on 23-10-2014 16:07:23 Running from C:\Users\admin\Desktop\VIRUSFOLDER Loaded Profiles: admin & (Available profiles: admin & Work) Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (QUALCOMM Incorporated) A:\MAIL\Parcus.CA\Eudora.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor) HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard) HKU\S-1-5-21-4027528453-55454652-140910116-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-04] (Siber Systems) HKU\S-1-5-21-4027528453-55454652-140910116-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-4027528453-55454652-140910116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-04] (Siber Systems) HKU\S-1-5-21-4027528453-55454652-140910116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-4027528453-55454652-140910116-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/4 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/4 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON14/4 SearchScopes: HKLM - {8ACD9F21-04CB-4BA5-A929-599D095256E4} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {8ACD9F21-04CB-4BA5-A929-599D095256E4} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {8ACD9F21-04CB-4BA5-A929-599D095256E4} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oulr3fd6.default FF Homepage: GLOBEDRIFTER.COM FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: Avira Browser Safety - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oulr3fd6.default\Extensions\abs@avira.com [2014-10-04] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-10-04] FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-10-05] (Adobe Systems) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company) R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation) S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-18] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-06] (Microsoft Corporation) R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed] R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor) S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated) S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-05-06] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-06] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7517872 2014-06-17] (Broadcom Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation) S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [150744 2013-09-09] (Broadcom Corporation.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] () R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] () R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation) U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [466136 2014-01-14] (Realsil Semiconductor Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-05-06] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.) S3 Ser2pl; \SystemRoot\system32\DRIVERS\ser2pl64.sys [X] S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-23 09:07 - 2014-10-23 09:07 - 00000186 _____ () C:\Users\admin\Desktop\Malewarebytes Help Forum.url 2014-10-22 12:27 - 2014-10-22 12:27 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps 2014-10-22 12:13 - 2014-10-22 12:13 - 00000000 ____D () C:\Windows\LastGood 2014-10-22 12:05 - 2014-10-22 12:05 - 00000000 ____D () C:\Users\Work\Documents\Avatar 2014-10-22 12:05 - 2014-10-22 12:05 - 00000000 ____D () C:\Users\Work\AppData\Roaming\CyberLink 2014-10-22 12:03 - 2014-10-22 12:03 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4027528453-55454652-140910116-1002 2014-10-22 12:03 - 2014-10-22 12:03 - 00000000 ____D () C:\Users\Work\AppData\Roaming\Avira 2014-10-22 11:58 - 2014-10-22 12:05 - 00000000 ____D () C:\Users\Work\Documents\Youcam 2014-10-22 11:58 - 2014-10-22 11:58 - 00000000 ____D () C:\Users\Work\AppData\Local\Hewlett-Packard 2014-10-22 11:58 - 2014-10-22 11:58 - 00000000 ____D () C:\Users\Work\AppData\Local\CyberLink 2014-10-22 11:57 - 2014-10-22 11:59 - 00000000 ____D () C:\Users\Work\AppData\Local\Packages 2014-10-22 11:57 - 2014-10-22 11:57 - 00001445 _____ () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-22 11:57 - 2014-10-22 11:57 - 00000020 ___SH () C:\Users\Work\ntuser.ini 2014-10-22 11:57 - 2014-10-22 11:57 - 00000000 ____D () C:\Users\Work\AppData\Roaming\Synaptics 2014-10-22 11:57 - 2014-10-22 11:57 - 00000000 ____D () C:\Users\Work\AppData\Roaming\Adobe 2014-10-22 11:57 - 2014-10-22 11:57 - 00000000 ____D () C:\Users\Work\AppData\Local\VirtualStore 2014-10-22 11:56 - 2014-10-22 11:57 - 00000000 ____D () C:\Users\Work 2014-10-22 11:56 - 2014-10-10 11:03 - 00000000 ___RD () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-10-22 11:56 - 2014-10-10 11:03 - 00000000 ___RD () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-10-22 11:56 - 2014-06-17 07:17 - 00000000 ____D () C:\Users\Work\AppData\Local\Pokki 2014-10-22 11:56 - 2014-05-06 16:17 - 00000000 ___HD () C:\Users\Work\Documents\hp.system.package.metadata 2014-10-22 11:56 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2014-10-22 11:56 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2014-10-22 11:56 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-22 11:56 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-21 09:43 - 2014-10-21 09:43 - 00000000 ____D () C:\Users\admin\Documents\Updater 2014-10-19 21:00 - 2014-10-19 21:00 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira 2014-10-19 21:00 - 2014-10-19 20:59 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-10-19 20:57 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-10-19 20:57 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-10-19 20:57 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-10-19 20:54 - 2014-10-19 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-10-19 20:54 - 2014-10-19 20:57 - 00000000 ____D () C:\ProgramData\Avira 2014-10-19 20:54 - 2014-10-19 20:54 - 00001116 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-10-19 20:47 - 2014-10-20 07:58 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForadmin.job 2014-10-19 20:47 - 2014-10-19 20:47 - 00003156 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForadmin 2014-10-19 20:35 - 2014-10-19 20:35 - 00000000 ____D () C:\Windows\LastGood.Tmp 2014-10-17 17:02 - 2014-10-17 17:02 - 00132736 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-17 17:00 - 2014-10-17 17:00 - 00000000 ____D () C:\Program Files (x86)\MSECache 2014-10-12 13:18 - 2014-10-12 13:18 - 00000000 ____D () C:\Users\admin\AppData\Local\Evernote 2014-10-11 08:14 - 2014-10-13 11:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-10-10 12:02 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-10 11:52 - 2014-10-23 16:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-10 11:52 - 2014-10-22 13:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-10 11:52 - 2014-10-10 11:52 - 00001077 _____ () C:\Users\Public\Desktop\Anti Malware.lnk 2014-10-10 11:52 - 2014-10-10 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-10 11:52 - 2014-10-10 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-10 11:52 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-10 11:52 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-10 11:52 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-10 11:39 - 2014-10-20 07:56 - 00000000 ____D () C:\AdwCleaner 2014-10-10 11:25 - 2014-10-23 16:07 - 00000000 ____D () C:\FRST 2014-10-10 11:24 - 2014-10-23 16:07 - 00000000 ____D () C:\Users\admin\Desktop\VIRUSFOLDER 2014-10-10 11:15 - 2014-09-21 23:42 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-07 08:32 - 2014-10-10 12:04 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-06 09:17 - 2014-10-06 09:17 - 00000000 ____D () C:\Users\admin\AppData\Local\Macromedia 2014-10-06 09:16 - 2014-10-06 09:17 - 00000112 _____ () C:\Users\admin\Desktop\KlassikRadio.url 2014-10-05 18:11 - 2013-08-17 10:09 - 00607256 _____ (proDAD GmbH) C:\Windows\system32\prodad-codec.dll 2014-10-05 18:10 - 2014-10-05 18:11 - 00000000 ____D () C:\ProgramData\proDAD 2014-10-05 18:10 - 2014-10-05 18:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\proDAD 2014-10-05 18:10 - 2014-10-05 18:10 - 00000000 ____D () C:\Program Files\proDAD 2014-10-05 17:28 - 2014-10-05 17:28 - 00001190 _____ () C:\Users\Public\Desktop\MAGIX Music Maker Soundtrack Edition.lnk 2014-10-05 17:07 - 2014-10-05 17:07 - 00000000 ____D () C:\Users\admin\Documents\MAGIX_MusicEditor 2014-10-05 17:07 - 2014-10-05 17:07 - 00000000 ____D () C:\Users\admin\AppData\Local\Xara 2014-10-05 17:07 - 2014-10-05 17:07 - 00000000 ____D () C:\Users\admin\AppData\Local\Magix 2014-10-05 17:06 - 2014-10-05 17:58 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-10-05 17:06 - 2014-10-05 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX 2014-10-05 17:06 - 2014-10-05 17:06 - 00001067 _____ () C:\Users\Public\Desktop\MAGIX Video Pro X6.lnk 2014-10-05 17:06 - 2014-10-05 17:06 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Shared 2014-10-05 17:05 - 2014-10-05 17:29 - 00000000 ___RD () C:\Users\admin\Documents\MAGIX 2014-10-05 17:05 - 2014-10-05 17:28 - 00000000 ____D () C:\ProgramData\MAGIX 2014-10-05 17:05 - 2014-10-05 17:28 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-10-05 17:05 - 2014-10-05 17:05 - 00000000 ____D () C:\Program Files\MAGIX 2014-10-05 17:05 - 2014-10-05 17:05 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services 2014-10-05 17:05 - 2014-10-05 17:05 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-10-05 16:32 - 2014-10-05 17:29 - 00000000 ____D () C:\Users\admin\AppData\Roaming\MAGIX 2014-10-05 16:29 - 2014-10-05 16:29 - 00000756 _____ () C:\Users\admin\Desktop\Carlos - Shortcut.lnk 2014-10-05 16:28 - 2014-10-05 16:28 - 00002028 _____ () C:\Users\admin\Desktop\Adobe Photoshop CS2.lnk 2014-10-05 16:28 - 2014-10-05 16:28 - 00002025 _____ () C:\Users\admin\Desktop\Adobe ImageReady CS2.lnk 2014-10-05 16:26 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2014-10-05 16:26 - 2014-10-05 16:26 - 00002064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk 2014-10-05 16:26 - 2014-10-05 16:26 - 00002046 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk 2014-10-05 16:26 - 2014-10-05 16:26 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF 2014-10-05 16:25 - 2014-10-05 16:25 - 00002028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk 2014-10-05 16:25 - 2014-10-05 16:25 - 00002025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk 2014-10-05 16:05 - 2014-10-05 16:05 - 00000000 ____D () C:\PhSp_CS2_UE_Ret 2014-10-05 16:00 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTP Voyager 2014-10-05 16:00 - 2014-10-05 16:00 - 00001281 _____ () C:\Users\admin\Desktop\FTP Voyager.lnk 2014-10-05 16:00 - 2014-10-05 16:00 - 00000000 ____D () C:\Users\admin\AppData\Roaming\RhinoSoft.com 2014-10-05 16:00 - 2014-10-05 16:00 - 00000000 ____D () C:\Program Files (x86)\RhinoSoft.com 2014-10-05 15:57 - 2014-10-05 15:57 - 00002056 _____ () C:\Users\Public\Desktop\PDF erstellen.lnk 2014-10-05 15:57 - 2014-10-05 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIB software GmbH 2014-10-05 15:57 - 2014-10-05 15:57 - 00000000 ____D () C:\Program Files\CIB software GmbH 2014-10-05 15:56 - 2014-10-05 15:56 - 00000000 ____D () C:\Users\admin\AppData\Local\Downloaded Installations 2014-10-05 15:55 - 2014-10-05 15:55 - 00002123 _____ () C:\Users\Public\Desktop\Tiger Basic 5.4.lnk 2014-10-05 15:55 - 2014-10-05 15:55 - 00000000 ____D () C:\Programme 2014-10-05 15:55 - 2014-10-05 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wilke Technology 2014-10-05 15:55 - 2014-10-05 15:55 - 00000000 ____D () C:\Program Files (x86)\Wilke Technology 2014-10-05 15:52 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtuosa 2014-10-05 15:52 - 2014-10-05 15:52 - 00001860 _____ () C:\Users\Public\Desktop\Virtuosa.lnk 2014-10-05 15:52 - 2014-10-05 15:52 - 00000000 ____D () C:\Program Files (x86)\Virtuosa 2014-10-05 15:52 - 1998-04-24 19:09 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vbar332.dll 2014-10-05 15:52 - 1998-04-24 18:40 - 01045776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msjet35.dll 2014-10-05 15:52 - 1998-04-24 18:40 - 00407312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msrepl35.dll 2014-10-05 15:52 - 1998-04-24 18:40 - 00252176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msrd2x35.dll 2014-10-05 15:52 - 1998-04-24 18:40 - 00123664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msjint35.dll 2014-10-05 15:52 - 1998-04-24 18:40 - 00024848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msjter35.dll 2014-10-05 15:49 - 2014-10-05 15:49 - 00000000 ____D () C:\Users\admin\AppData\Local\Apple Computer 2014-10-05 15:45 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-10-05 15:45 - 2014-10-05 16:42 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Apple Computer 2014-10-05 15:45 - 2014-10-05 15:45 - 00001824 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-10-05 15:44 - 2014-10-05 15:44 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk 2014-10-05 15:44 - 2014-10-05 15:44 - 00000000 ____D () C:\Windows\System32\Tasks\Apple 2014-10-05 15:44 - 2014-10-05 15:44 - 00000000 ____D () C:\Users\admin\AppData\Local\Apple 2014-10-05 15:44 - 2014-10-05 15:44 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update 2014-10-05 15:42 - 2014-10-05 15:45 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-10-05 15:42 - 2014-10-05 15:45 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-10-05 15:42 - 2014-10-05 15:42 - 00054156 ____H () C:\Windows\QTFont.qfn 2014-10-05 15:42 - 2014-10-05 15:42 - 00001409 _____ () C:\Windows\QTFont.for 2014-10-05 15:37 - 2014-10-05 15:37 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextPad.lnk 2014-10-05 15:37 - 2014-10-05 15:37 - 00000962 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk 2014-10-05 15:37 - 2014-10-05 15:37 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Helios 2014-10-05 15:37 - 2014-10-05 15:37 - 00000000 ____D () C:\Program Files (x86)\TextPad 5 2014-10-05 15:34 - 2014-10-05 15:34 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-10-05 15:33 - 2014-10-05 16:25 - 00000000 ____D () C:\ProgramData\Adobe 2014-10-05 15:32 - 2014-10-12 05:28 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe 2014-10-05 11:30 - 2014-10-05 11:30 - 00000788 _____ () C:\Users\admin\Desktop\00000_Move.lnk 2014-10-05 11:27 - 2014-10-10 12:07 - 00000000 ____D () C:\Windows\PCHEALTH 2014-10-05 11:27 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2014-10-05 11:27 - 2014-10-05 11:27 - 00000376 _____ () C:\Windows\ODBC.INI 2014-10-05 11:27 - 2014-10-05 11:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft ActiveSync 2014-10-05 11:19 - 2014-10-23 16:03 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype 2014-10-05 11:19 - 2014-10-14 09:30 - 00000000 ____D () C:\ProgramData\Skype 2014-10-05 11:19 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-10-05 11:19 - 2014-10-05 11:19 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-10-05 11:19 - 2014-10-05 11:19 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-10-05 11:19 - 2014-10-05 11:19 - 00000000 ____D () C:\Users\admin\AppData\Local\Skype 2014-10-05 11:13 - 2014-10-05 11:13 - 00000468 _____ () C:\Users\admin\Desktop\LOCAL DATA (A).lnk 2014-10-05 11:12 - 2014-10-10 11:21 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-10-05 11:12 - 1998-11-05 11:08 - 00087392 ____N (Twain Working Group) C:\Windows\twain.dll 2014-10-05 11:08 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe 2014-10-05 10:41 - 2014-10-05 10:41 - 00000000 ____D () C:\ProgramData\Synaptics 2014-10-05 10:38 - 2014-10-05 10:38 - 00000000 ____D () C:\Program Files\Synaptics 2014-10-05 10:19 - 2014-10-19 20:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-10-05 10:19 - 2014-10-19 20:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-05 10:17 - 2014-10-05 10:17 - 00000000 ____D () C:\Program Files (x86)\Hp 2014-10-05 09:07 - 2014-10-05 09:07 - 00000109 _____ () C:\Users\admin\Desktop\LEO.url 2014-10-04 19:36 - 2014-10-04 19:36 - 00004100 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm 2014-10-04 19:36 - 2014-10-04 19:36 - 00003488 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon 2014-10-04 19:30 - 2014-10-05 14:22 - 00000000 ____D () C:\Users\admin\AppData\Roaming\RoboForm 2014-10-04 19:27 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2014-10-04 19:27 - 2014-10-04 19:27 - 00000000 ____D () C:\Users\admin\Documents\My RoboForm Data 2014-10-04 19:27 - 2014-10-04 19:27 - 00000000 ____D () C:\ProgramData\RoboForm 2014-10-04 19:22 - 2014-10-04 19:22 - 00000000 ____D () C:\Program Files (x86)\Siber Systems 2014-10-04 18:59 - 2014-10-04 19:22 - 00001082 _____ () C:\Users\admin\Desktop\Shaw - EN.lnk 2014-10-04 18:59 - 2014-10-04 19:22 - 00001082 _____ () C:\Users\admin\Desktop\Shaw - DE.lnk 2014-10-04 18:56 - 2014-10-04 18:56 - 00000000 ____D () C:\Users\admin\Desktop\Youtube Stuff 2014-10-04 18:56 - 2014-10-04 18:56 - 00000000 ____D () C:\Users\admin\Desktop\Photos Sept 2014 2014-10-04 16:13 - 2014-10-04 16:13 - 00000000 ____D () C:\Users\admin\AppData\Local\SFPC_Auto_Updater 2014-10-04 16:12 - 2014-10-04 16:12 - 00000000 _____ () C:\Recovery.txt 2014-10-04 16:03 - 2014-10-19 20:57 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-10-04 16:02 - 2014-10-04 16:02 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\admin\Downloads\avira_de_av_4410091161__ws.exe 2014-10-04 15:58 - 2014-10-04 15:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla 2014-10-04 15:58 - 2014-10-04 15:59 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla 2014-10-04 15:58 - 2014-10-04 15:58 - 00001134 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-04 15:58 - 2014-10-04 15:58 - 00001122 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-04 15:58 - 2014-10-04 15:58 - 00000000 ____D () C:\ProgramData\Mozilla 2014-10-04 15:58 - 2014-10-04 15:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-04 15:58 - 2014-10-04 15:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-04 15:57 - 2014-10-04 15:57 - 00004002 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater 2014-10-04 15:57 - 2014-10-04 15:57 - 00003558 _____ () C:\Windows\System32\Tasks\Secure Fast PC Autorun 2014-10-04 15:57 - 2014-10-04 15:57 - 00000000 ____D () C:\Users\admin\AppData\Roaming\hpqlog 2014-10-04 15:57 - 2014-10-04 15:57 - 00000000 ____D () C:\Users\admin\AppData\Local\IsolatedStorage 2014-10-04 15:57 - 2014-10-04 15:57 - 00000000 ____D () C:\Users\admin\AppData\Local\Developerts_LLC 2014-10-04 15:56 - 2014-10-04 16:00 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Developerts LLC USA 2014-10-04 15:48 - 2014-10-04 15:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Macromedia 2014-10-04 15:41 - 2014-10-04 15:41 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieUserList 2014-10-04 15:41 - 2014-10-04 15:41 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieSiteList 2014-10-04 15:38 - 2014-10-04 15:38 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WildTangent 2014-10-04 15:36 - 2014-10-04 15:36 - 00000657 _____ () C:\Windows\SynInst.log 2014-10-04 15:35 - 2014-10-04 15:35 - 00000000 ____D () C:\Users\admin\AppData\Local\pinger.com 2014-10-04 15:33 - 2014-10-22 12:20 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4027528453-55454652-140910116-1001 2014-10-04 15:32 - 2014-10-04 15:32 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Hewlett-Packard 2014-10-04 15:30 - 2014-10-23 16:02 - 00000000 ____D () C:\Users\admin\Documents\Youcam 2014-10-04 15:30 - 2014-10-19 20:41 - 00000000 ____D () C:\Users\admin\AppData\Local\CyberLink 2014-10-04 15:29 - 2014-10-19 20:47 - 00000000 ____D () C:\Users\admin\AppData\Local\Hewlett-Packard 2014-10-04 15:28 - 2014-10-05 20:37 - 00000000 ____D () C:\Users\admin\AppData\Local\VirtualStore 2014-10-04 15:28 - 2014-10-05 16:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe 2014-10-04 15:28 - 2014-10-04 15:51 - 00000000 ____D () C:\Users\admin\AppData\Local\Packages 2014-10-04 15:28 - 2014-10-04 15:28 - 00001445 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-04 15:28 - 2014-10-04 15:28 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2014-10-04 15:28 - 2014-10-04 15:28 - 00000020 ___SH () C:\Users\admin\ntuser.ini 2014-10-04 15:28 - 2014-10-04 15:28 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Synaptics 2014-10-04 15:28 - 2014-06-17 07:11 - 00001332 _____ () C:\Users\Public\Desktop\HP Smart Friend.lnk 2014-10-04 15:27 - 2014-10-10 11:06 - 00000000 ____D () C:\Users\admin 2014-10-04 15:27 - 2014-10-10 11:02 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-10-04 15:27 - 2014-10-10 11:02 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-04 15:27 - 2014-10-10 11:02 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-10-04 15:27 - 2014-05-06 16:17 - 00000000 ___HD () C:\Users\admin\Documents\hp.system.package.metadata 2014-10-04 15:27 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2014-10-04 15:27 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2014-10-04 15:27 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-10-04 15:22 - 2014-10-23 16:03 - 01488892 _____ () C:\Windows\WindowsUpdate.log 2014-10-04 15:13 - 2014-10-04 15:13 - 00002324 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4027528453-55454652-140910116-500 2014-10-04 11:30 - 2014-10-03 00:37 - 00000477 _____ () C:\Users\admin\Desktop\System - Shortcut.lnk 2014-10-04 11:13 - 2014-10-05 20:38 - 00000067 _____ () C:\Users\admin\Desktop\Ascii Codes.txt 2014-10-02 13:04 - 2014-10-04 19:21 - 00001034 _____ () C:\Users\admin\Desktop\Parcus EN Shaw.lnk 2014-10-02 11:19 - 2014-10-04 19:21 - 00001030 _____ () C:\Users\admin\Desktop\PARCUS.CH BELL EN.lnk 2014-10-02 10:51 - 2014-09-24 16:00 - 00000130 _____ () C:\Users\admin\Desktop\Moneny Converter.url 2014-10-02 10:25 - 2014-10-04 19:21 - 00001034 _____ () C:\Users\admin\Desktop\Parcus DE ShAW.lnk ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-23 16:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru 2014-10-23 02:54 - 2014-03-18 02:53 - 00958356 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-23 02:49 - 2013-08-22 07:46 - 00027584 _____ () C:\Windows\setupact.log 2014-10-23 02:49 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-23 02:48 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-22 12:38 - 2014-05-06 16:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-22 12:32 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-10-22 12:05 - 2014-06-17 07:06 - 00000000 ____D () C:\Users\Public\CyberLink 2014-10-22 12:04 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-10-20 07:57 - 2014-03-18 02:44 - 00277294 _____ () C:\Windows\PFRO.log 2014-10-19 20:54 - 2014-06-17 06:47 - 00000000 ____D () C:\ProgramData\Package Cache 2014-10-19 20:40 - 2014-06-17 06:57 - 00000000 ____D () C:\Program Files (x86)\CyberLink 2014-10-19 20:39 - 2014-06-17 06:58 - 00000000 ____D () C:\ProgramData\CyberLink 2014-10-19 20:39 - 2014-03-31 18:07 - 00000000 ____D () C:\SWSetup 2014-10-19 20:35 - 2014-06-17 06:36 - 00043082 _____ () C:\Windows\DPINST.LOG 2014-10-17 17:00 - 2014-05-06 16:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-10-16 19:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache 2014-10-16 19:00 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-10-16 18:58 - 2014-03-18 02:38 - 00000000 ____D () C:\Program Files\Windows Journal 2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\SysWOW64\winrm 2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\SysWOW64\slmgr 2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts 2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\system32\winrm 2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\system32\slmgr 2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ___SD () C:\Windows\system32\dsc 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\WinStore 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Com 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\MUI 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\migwiz 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Com 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\IME 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\Help 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer 2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe 2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Sysprep 2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\oobe 2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\servicing 2014-10-10 11:05 - 2013-08-22 07:44 - 00486032 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-10 11:03 - 2014-05-06 16:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools 2014-10-10 11:03 - 2014-03-18 02:38 - 00000000 ____D () C:\Windows\ShellNew 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 __RSD () C:\Windows\Media 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ToastData 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\setup 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Bthprops 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\setup 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Bthprops 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\MediaViewer 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\FileManager 2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\Camera 2014-10-10 11:02 - 2014-06-17 06:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-10-10 11:02 - 2014-05-06 16:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2014-10-10 11:02 - 2014-05-06 16:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat 2014-10-10 11:02 - 2014-05-06 16:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection 2014-10-10 10:52 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\registration 2014-10-10 10:44 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-10-09 09:55 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\SysWOW64\WCN 2014-10-09 09:55 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\system32\WCN 2014-10-07 08:32 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-10-05 17:28 - 2007-04-27 09:43 - 00120200 _____ () C:\Windows\SysWOW64\DLLDEV32i.dll 2014-10-05 11:27 - 2013-08-22 06:25 - 00000220 _____ () C:\Windows\win.ini 2014-10-05 11:25 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\System 2014-10-05 10:38 - 2014-06-17 06:36 - 00001332 _____ () C:\Windows\Synaptics.log 2014-10-05 10:19 - 2014-05-06 16:17 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-10-04 19:09 - 2014-05-06 16:41 - 00000000 ___HD () C:\HP 2014-10-04 18:57 - 2014-08-30 21:23 - 00000000 ____D () C:\Users\admin\Desktop\Tausch boersen 2014-10-04 16:12 - 2014-04-02 02:27 - 00000000 __SHD () C:\Recovery 2014-10-04 16:12 - 2013-08-22 08:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template 2014-10-04 15:58 - 2014-05-06 16:30 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-10-04 15:53 - 2014-06-17 07:08 - 00000000 ____D () C:\ProgramData\McAfee 2014-10-04 15:53 - 2014-06-17 07:08 - 00000000 ____D () C:\Program Files\mcafee 2014-10-04 15:53 - 2014-06-17 07:08 - 00000000 ____D () C:\Program Files\Common Files\mcafee 2014-10-04 15:53 - 2014-06-17 07:08 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-10-04 15:40 - 2014-06-17 06:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-10-04 15:38 - 2014-06-17 06:59 - 00000000 ____D () C:\ProgramData\WildTangent 2014-10-04 15:38 - 2014-06-17 06:59 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games 2014-10-04 15:34 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-10-04 15:31 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\restore 2014-10-04 15:28 - 2014-05-06 16:29 - 00000000 ___RD () C:\Program Files (x86)\Online Services 2014-10-04 15:28 - 2014-03-31 18:07 - 00000000 ___HD () C:\SYSTEM.SAV 2014-10-04 15:27 - 2014-04-02 03:25 - 00000000 ____D () C:\Windows\Panther 2014-10-04 15:16 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Recovery 2014-10-04 15:15 - 2014-04-02 02:52 - 00010342 _____ () C:\Windows\iis.log 2014-10-04 15:15 - 2013-08-22 08:37 - 00005496 _____ () C:\Windows\DtcInstall.log Some content of TEMP: ==================== C:\Users\admin\AppData\Local\Temp\avgnt.exe C:\Users\admin\AppData\Local\Temp\Extract.exe C:\Users\admin\AppData\Local\Temp\Quarantine.exe C:\Users\admin\AppData\Local\Temp\SP67263.exe C:\Users\admin\AppData\Local\Temp\SP67447.exe C:\Users\admin\AppData\Local\Temp\sqlite3.dll C:\Users\Work\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-21 08:52 ==================== End Of Log ============================
  5. Hi, My laptop is also infected by this fake Win32/Caphaw Security AlertOf course I tried all kinds of malware and virus removal software including Malwarebytes. Sometimes it takes hours for the pop-up to appear, but here it is again. Please help!!! Regards Globedrifter
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.