
Another Fake Win32/Caphaw Security Alert



Hi & :welcome:

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully. :excl:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, and do not add or remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Ok, thank you. Here is the first.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by admin (administrator) on HELIOS on 23-10-2014 16:07:23
Running from C:\Users\admin\Desktop\VIRUSFOLDER
Loaded Profiles: admin &  (Available profiles: admin & Work)
Platform: Windows 8.1 (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(QUALCOMM Incorporated) A:\MAIL\Parcus.CA\Eudora.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-07] (Hewlett-Packard)
HKU\S-1-5-21-4027528453-55454652-140910116-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-04] (Siber Systems)
HKU\S-1-5-21-4027528453-55454652-140910116-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-4027528453-55454652-140910116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-04] (Siber Systems)
HKU\S-1-5-21-4027528453-55454652-140910116-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-4027528453-55454652-140910116-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON14/4
SearchScopes: HKLM - {8ACD9F21-04CB-4BA5-A929-599D095256E4} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {8ACD9F21-04CB-4BA5-A929-599D095256E4} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {8ACD9F21-04CB-4BA5-A929-599D095256E4} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oulr3fd6.default
FF Homepage: GLOBEDRIFTER.COM
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\oulr3fd6.default\Extensions\abs@avira.com [2014-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-10-04]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-10-05] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-18] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-06] (Microsoft Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-05-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-06] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-09-24] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7517872 2014-06-17] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [150744 2013-09-09] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2014-05-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 Ser2pl; \SystemRoot\system32\DRIVERS\ser2pl64.sys [X]
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 09:07 - 2014-10-23 09:07 - 00000186 _____ () C:\Users\admin\Desktop\Malewarebytes Help Forum.url
2014-10-22 12:27 - 2014-10-22 12:27 - 00000000 ____D () C:\Users\admin\AppData\Local\CrashDumps
2014-10-22 12:13 - 2014-10-22 12:13 - 00000000 ____D () C:\Windows\LastGood
2014-10-22 12:05 - 2014-10-22 12:05 - 00000000 ____D () C:\Users\Work\Documents\Avatar
2014-10-22 12:05 - 2014-10-22 12:05 - 00000000 ____D () C:\Users\Work\AppData\Roaming\CyberLink
2014-10-22 12:03 - 2014-10-22 12:03 - 00003592 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4027528453-55454652-140910116-1002
2014-10-22 12:03 - 2014-10-22 12:03 - 00000000 ____D () C:\Users\Work\AppData\Roaming\Avira
2014-10-22 11:58 - 2014-10-22 12:05 - 00000000 ____D () C:\Users\Work\Documents\Youcam
2014-10-22 11:58 - 2014-10-22 11:58 - 00000000 ____D () C:\Users\Work\AppData\Local\Hewlett-Packard
2014-10-22 11:58 - 2014-10-22 11:58 - 00000000 ____D () C:\Users\Work\AppData\Local\CyberLink
2014-10-22 11:57 - 2014-10-22 11:59 - 00000000 ____D () C:\Users\Work\AppData\Local\Packages
2014-10-22 11:57 - 2014-10-22 11:57 - 00001445 _____ () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-22 11:57 - 2014-10-22 11:57 - 00000020 ___SH () C:\Users\Work\ntuser.ini
2014-10-22 11:57 - 2014-10-22 11:57 - 00000000 ____D () C:\Users\Work\AppData\Roaming\Synaptics
2014-10-22 11:57 - 2014-10-22 11:57 - 00000000 ____D () C:\Users\Work\AppData\Roaming\Adobe
2014-10-22 11:57 - 2014-10-22 11:57 - 00000000 ____D () C:\Users\Work\AppData\Local\VirtualStore
2014-10-22 11:56 - 2014-10-22 11:57 - 00000000 ____D () C:\Users\Work
2014-10-22 11:56 - 2014-10-10 11:03 - 00000000 ___RD () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-22 11:56 - 2014-10-10 11:03 - 00000000 ___RD () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-22 11:56 - 2014-06-17 07:17 - 00000000 ____D () C:\Users\Work\AppData\Local\Pokki
2014-10-22 11:56 - 2014-05-06 16:17 - 00000000 ___HD () C:\Users\Work\Documents\hp.system.package.metadata
2014-10-22 11:56 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-10-22 11:56 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-10-22 11:56 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-22 11:56 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-21 09:43 - 2014-10-21 09:43 - 00000000 ____D () C:\Users\admin\Documents\Updater
2014-10-19 21:00 - 2014-10-19 21:00 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Avira
2014-10-19 21:00 - 2014-10-19 20:59 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-19 20:57 - 2014-09-24 12:44 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-19 20:57 - 2014-09-24 12:44 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-19 20:57 - 2014-09-24 12:44 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-19 20:54 - 2014-10-19 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-19 20:54 - 2014-10-19 20:57 - 00000000 ____D () C:\ProgramData\Avira
2014-10-19 20:54 - 2014-10-19 20:54 - 00001116 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-19 20:47 - 2014-10-20 07:58 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForadmin.job
2014-10-19 20:47 - 2014-10-19 20:47 - 00003156 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForadmin
2014-10-19 20:35 - 2014-10-19 20:35 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-10-17 17:02 - 2014-10-17 17:02 - 00132736 _____ () C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-17 17:00 - 2014-10-17 17:00 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-10-12 13:18 - 2014-10-12 13:18 - 00000000 ____D () C:\Users\admin\AppData\Local\Evernote
2014-10-11 08:14 - 2014-10-13 11:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-10-10 12:02 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-10 11:52 - 2014-10-23 16:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-10 11:52 - 2014-10-22 13:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-10 11:52 - 2014-10-10 11:52 - 00001077 _____ () C:\Users\Public\Desktop\Anti Malware.lnk
2014-10-10 11:52 - 2014-10-10 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-10 11:52 - 2014-10-10 11:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-10 11:52 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-10 11:52 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-10 11:52 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-10 11:39 - 2014-10-20 07:56 - 00000000 ____D () C:\AdwCleaner
2014-10-10 11:25 - 2014-10-23 16:07 - 00000000 ____D () C:\FRST
2014-10-10 11:24 - 2014-10-23 16:07 - 00000000 ____D () C:\Users\admin\Desktop\VIRUSFOLDER
2014-10-10 11:15 - 2014-09-21 23:42 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-07 08:32 - 2014-10-10 12:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-06 09:17 - 2014-10-06 09:17 - 00000000 ____D () C:\Users\admin\AppData\Local\Macromedia
2014-10-06 09:16 - 2014-10-06 09:17 - 00000112 _____ () C:\Users\admin\Desktop\KlassikRadio.url
2014-10-05 18:11 - 2013-08-17 10:09 - 00607256 _____ (proDAD GmbH) C:\Windows\system32\prodad-codec.dll
2014-10-05 18:10 - 2014-10-05 18:11 - 00000000 ____D () C:\ProgramData\proDAD
2014-10-05 18:10 - 2014-10-05 18:10 - 00000000 ____D () C:\Users\admin\AppData\Roaming\proDAD
2014-10-05 18:10 - 2014-10-05 18:10 - 00000000 ____D () C:\Program Files\proDAD
2014-10-05 17:28 - 2014-10-05 17:28 - 00001190 _____ () C:\Users\Public\Desktop\MAGIX Music Maker Soundtrack Edition.lnk
2014-10-05 17:07 - 2014-10-05 17:07 - 00000000 ____D () C:\Users\admin\Documents\MAGIX_MusicEditor
2014-10-05 17:07 - 2014-10-05 17:07 - 00000000 ____D () C:\Users\admin\AppData\Local\Xara
2014-10-05 17:07 - 2014-10-05 17:07 - 00000000 ____D () C:\Users\admin\AppData\Local\Magix
2014-10-05 17:06 - 2014-10-05 17:58 - 00000000 ____D () C:\Users\Public\Documents\MAGIX
2014-10-05 17:06 - 2014-10-05 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-10-05 17:06 - 2014-10-05 17:06 - 00001067 _____ () C:\Users\Public\Desktop\MAGIX Video Pro X6.lnk
2014-10-05 17:06 - 2014-10-05 17:06 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Shared
2014-10-05 17:05 - 2014-10-05 17:29 - 00000000 ___RD () C:\Users\admin\Documents\MAGIX
2014-10-05 17:05 - 2014-10-05 17:28 - 00000000 ____D () C:\ProgramData\MAGIX
2014-10-05 17:05 - 2014-10-05 17:28 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-10-05 17:05 - 2014-10-05 17:05 - 00000000 ____D () C:\Program Files\MAGIX
2014-10-05 17:05 - 2014-10-05 17:05 - 00000000 ____D () C:\Program Files\Common Files\MAGIX Services
2014-10-05 17:05 - 2014-10-05 17:05 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-10-05 16:32 - 2014-10-05 17:29 - 00000000 ____D () C:\Users\admin\AppData\Roaming\MAGIX
2014-10-05 16:29 - 2014-10-05 16:29 - 00000756 _____ () C:\Users\admin\Desktop\Carlos - Shortcut.lnk
2014-10-05 16:28 - 2014-10-05 16:28 - 00002028 _____ () C:\Users\admin\Desktop\Adobe Photoshop CS2.lnk
2014-10-05 16:28 - 2014-10-05 16:28 - 00002025 _____ () C:\Users\admin\Desktop\Adobe ImageReady CS2.lnk
2014-10-05 16:26 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-10-05 16:26 - 2014-10-05 16:26 - 00002064 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-10-05 16:26 - 2014-10-05 16:26 - 00002046 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-10-05 16:26 - 2014-10-05 16:26 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-10-05 16:25 - 2014-10-05 16:25 - 00002028 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-10-05 16:25 - 2014-10-05 16:25 - 00002025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-10-05 16:05 - 2014-10-05 16:05 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-10-05 16:00 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTP Voyager
2014-10-05 16:00 - 2014-10-05 16:00 - 00001281 _____ () C:\Users\admin\Desktop\FTP Voyager.lnk
2014-10-05 16:00 - 2014-10-05 16:00 - 00000000 ____D () C:\Users\admin\AppData\Roaming\RhinoSoft.com
2014-10-05 16:00 - 2014-10-05 16:00 - 00000000 ____D () C:\Program Files (x86)\RhinoSoft.com
2014-10-05 15:57 - 2014-10-05 15:57 - 00002056 _____ () C:\Users\Public\Desktop\PDF erstellen.lnk
2014-10-05 15:57 - 2014-10-05 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIB software GmbH
2014-10-05 15:57 - 2014-10-05 15:57 - 00000000 ____D () C:\Program Files\CIB software GmbH
2014-10-05 15:56 - 2014-10-05 15:56 - 00000000 ____D () C:\Users\admin\AppData\Local\Downloaded Installations
2014-10-05 15:55 - 2014-10-05 15:55 - 00002123 _____ () C:\Users\Public\Desktop\Tiger Basic 5.4.lnk
2014-10-05 15:55 - 2014-10-05 15:55 - 00000000 ____D () C:\Programme
2014-10-05 15:55 - 2014-10-05 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wilke Technology
2014-10-05 15:55 - 2014-10-05 15:55 - 00000000 ____D () C:\Program Files (x86)\Wilke Technology
2014-10-05 15:52 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtuosa
2014-10-05 15:52 - 2014-10-05 15:52 - 00001860 _____ () C:\Users\Public\Desktop\Virtuosa.lnk
2014-10-05 15:52 - 2014-10-05 15:52 - 00000000 ____D () C:\Program Files (x86)\Virtuosa
2014-10-05 15:52 - 1998-04-24 19:09 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Vbar332.dll
2014-10-05 15:52 - 1998-04-24 18:40 - 01045776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msjet35.dll
2014-10-05 15:52 - 1998-04-24 18:40 - 00407312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msrepl35.dll
2014-10-05 15:52 - 1998-04-24 18:40 - 00252176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msrd2x35.dll
2014-10-05 15:52 - 1998-04-24 18:40 - 00123664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msjint35.dll
2014-10-05 15:52 - 1998-04-24 18:40 - 00024848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msjter35.dll
2014-10-05 15:49 - 2014-10-05 15:49 - 00000000 ____D () C:\Users\admin\AppData\Local\Apple Computer
2014-10-05 15:45 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-05 15:45 - 2014-10-05 16:42 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Apple Computer
2014-10-05 15:45 - 2014-10-05 15:45 - 00001824 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-05 15:44 - 2014-10-05 15:44 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-10-05 15:44 - 2014-10-05 15:44 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-10-05 15:44 - 2014-10-05 15:44 - 00000000 ____D () C:\Users\admin\AppData\Local\Apple
2014-10-05 15:44 - 2014-10-05 15:44 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-10-05 15:42 - 2014-10-05 15:45 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-05 15:42 - 2014-10-05 15:45 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-05 15:42 - 2014-10-05 15:42 - 00054156 ____H () C:\Windows\QTFont.qfn
2014-10-05 15:42 - 2014-10-05 15:42 - 00001409 _____ () C:\Windows\QTFont.for
2014-10-05 15:37 - 2014-10-05 15:37 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2014-10-05 15:37 - 2014-10-05 15:37 - 00000962 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2014-10-05 15:37 - 2014-10-05 15:37 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Helios
2014-10-05 15:37 - 2014-10-05 15:37 - 00000000 ____D () C:\Program Files (x86)\TextPad 5
2014-10-05 15:34 - 2014-10-05 15:34 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-05 15:33 - 2014-10-05 16:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-05 15:32 - 2014-10-12 05:28 - 00000000 ____D () C:\Users\admin\AppData\Local\Adobe
2014-10-05 11:30 - 2014-10-05 11:30 - 00000788 _____ () C:\Users\admin\Desktop\00000_Move.lnk
2014-10-05 11:27 - 2014-10-10 12:07 - 00000000 ____D () C:\Windows\PCHEALTH
2014-10-05 11:27 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-10-05 11:27 - 2014-10-05 11:27 - 00000376 _____ () C:\Windows\ODBC.INI
2014-10-05 11:27 - 2014-10-05 11:27 - 00000000 ____D () C:\Program Files (x86)\Microsoft ActiveSync
2014-10-05 11:19 - 2014-10-23 16:03 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Skype
2014-10-05 11:19 - 2014-10-14 09:30 - 00000000 ____D () C:\ProgramData\Skype
2014-10-05 11:19 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-05 11:19 - 2014-10-05 11:19 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-10-05 11:19 - 2014-10-05 11:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-05 11:19 - 2014-10-05 11:19 - 00000000 ____D () C:\Users\admin\AppData\Local\Skype
2014-10-05 11:13 - 2014-10-05 11:13 - 00000468 _____ () C:\Users\admin\Desktop\LOCAL DATA (A).lnk
2014-10-05 11:12 - 2014-10-10 11:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-05 11:12 - 1998-11-05 11:08 - 00087392 ____N (Twain Working Group) C:\Windows\twain.dll
2014-10-05 11:08 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-10-05 10:41 - 2014-10-05 10:41 - 00000000 ____D () C:\ProgramData\Synaptics
2014-10-05 10:38 - 2014-10-05 10:38 - 00000000 ____D () C:\Program Files\Synaptics
2014-10-05 10:19 - 2014-10-19 20:47 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-05 10:19 - 2014-10-19 20:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-05 10:17 - 2014-10-05 10:17 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-10-05 09:07 - 2014-10-05 09:07 - 00000109 _____ () C:\Users\admin\Desktop\LEO.url
2014-10-04 19:36 - 2014-10-04 19:36 - 00004100 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-10-04 19:36 - 2014-10-04 19:36 - 00003488 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-10-04 19:30 - 2014-10-05 14:22 - 00000000 ____D () C:\Users\admin\AppData\Roaming\RoboForm
2014-10-04 19:27 - 2014-10-10 11:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-10-04 19:27 - 2014-10-04 19:27 - 00000000 ____D () C:\Users\admin\Documents\My RoboForm Data
2014-10-04 19:27 - 2014-10-04 19:27 - 00000000 ____D () C:\ProgramData\RoboForm
2014-10-04 19:22 - 2014-10-04 19:22 - 00000000 ____D () C:\Program Files (x86)\Siber Systems
2014-10-04 18:59 - 2014-10-04 19:22 - 00001082 _____ () C:\Users\admin\Desktop\Shaw - EN.lnk
2014-10-04 18:59 - 2014-10-04 19:22 - 00001082 _____ () C:\Users\admin\Desktop\Shaw - DE.lnk
2014-10-04 18:56 - 2014-10-04 18:56 - 00000000 ____D () C:\Users\admin\Desktop\Youtube Stuff
2014-10-04 18:56 - 2014-10-04 18:56 - 00000000 ____D () C:\Users\admin\Desktop\Photos Sept 2014
2014-10-04 16:13 - 2014-10-04 16:13 - 00000000 ____D () C:\Users\admin\AppData\Local\SFPC_Auto_Updater
2014-10-04 16:12 - 2014-10-04 16:12 - 00000000 _____ () C:\Recovery.txt
2014-10-04 16:03 - 2014-10-19 20:57 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-04 16:02 - 2014-10-04 16:02 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\admin\Downloads\avira_de_av_4410091161__ws.exe
2014-10-04 15:58 - 2014-10-04 15:59 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Mozilla
2014-10-04 15:58 - 2014-10-04 15:59 - 00000000 ____D () C:\Users\admin\AppData\Local\Mozilla
2014-10-04 15:58 - 2014-10-04 15:58 - 00001134 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-04 15:58 - 2014-10-04 15:58 - 00001122 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-04 15:58 - 2014-10-04 15:58 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-04 15:58 - 2014-10-04 15:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-04 15:58 - 2014-10-04 15:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-04 15:57 - 2014-10-04 15:57 - 00004002 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
2014-10-04 15:57 - 2014-10-04 15:57 - 00003558 _____ () C:\Windows\System32\Tasks\Secure Fast PC Autorun
2014-10-04 15:57 - 2014-10-04 15:57 - 00000000 ____D () C:\Users\admin\AppData\Roaming\hpqlog
2014-10-04 15:57 - 2014-10-04 15:57 - 00000000 ____D () C:\Users\admin\AppData\Local\IsolatedStorage
2014-10-04 15:57 - 2014-10-04 15:57 - 00000000 ____D () C:\Users\admin\AppData\Local\Developerts_LLC
2014-10-04 15:56 - 2014-10-04 16:00 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Developerts LLC USA
2014-10-04 15:48 - 2014-10-04 15:48 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Macromedia
2014-10-04 15:41 - 2014-10-04 15:41 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieUserList
2014-10-04 15:41 - 2014-10-04 15:41 - 00000000 __SHD () C:\Users\admin\AppData\Local\EmieSiteList
2014-10-04 15:38 - 2014-10-04 15:38 - 00000000 ____D () C:\Users\admin\AppData\Roaming\WildTangent
2014-10-04 15:36 - 2014-10-04 15:36 - 00000657 _____ () C:\Windows\SynInst.log
2014-10-04 15:35 - 2014-10-04 15:35 - 00000000 ____D () C:\Users\admin\AppData\Local\pinger.com
2014-10-04 15:33 - 2014-10-22 12:20 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4027528453-55454652-140910116-1001
2014-10-04 15:32 - 2014-10-04 15:32 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Hewlett-Packard
2014-10-04 15:30 - 2014-10-23 16:02 - 00000000 ____D () C:\Users\admin\Documents\Youcam
2014-10-04 15:30 - 2014-10-19 20:41 - 00000000 ____D () C:\Users\admin\AppData\Local\CyberLink
2014-10-04 15:29 - 2014-10-19 20:47 - 00000000 ____D () C:\Users\admin\AppData\Local\Hewlett-Packard
2014-10-04 15:28 - 2014-10-05 20:37 - 00000000 ____D () C:\Users\admin\AppData\Local\VirtualStore
2014-10-04 15:28 - 2014-10-05 16:30 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Adobe
2014-10-04 15:28 - 2014-10-04 15:51 - 00000000 ____D () C:\Users\admin\AppData\Local\Packages
2014-10-04 15:28 - 2014-10-04 15:28 - 00001445 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-04 15:28 - 2014-10-04 15:28 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-10-04 15:28 - 2014-10-04 15:28 - 00000020 ___SH () C:\Users\admin\ntuser.ini
2014-10-04 15:28 - 2014-10-04 15:28 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Synaptics
2014-10-04 15:28 - 2014-06-17 07:11 - 00001332 _____ () C:\Users\Public\Desktop\HP Smart Friend.lnk
2014-10-04 15:27 - 2014-10-10 11:06 - 00000000 ____D () C:\Users\admin
2014-10-04 15:27 - 2014-10-10 11:02 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-04 15:27 - 2014-10-10 11:02 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-04 15:27 - 2014-10-10 11:02 - 00000000 ___RD () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-04 15:27 - 2014-05-06 16:17 - 00000000 ___HD () C:\Users\admin\Documents\hp.system.package.metadata
2014-10-04 15:27 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-10-04 15:27 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-10-04 15:27 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-04 15:22 - 2014-10-23 16:03 - 01488892 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 15:13 - 2014-10-04 15:13 - 00002324 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4027528453-55454652-140910116-500
2014-10-04 11:30 - 2014-10-03 00:37 - 00000477 _____ () C:\Users\admin\Desktop\System - Shortcut.lnk
2014-10-04 11:13 - 2014-10-05 20:38 - 00000067 _____ () C:\Users\admin\Desktop\Ascii Codes.txt
2014-10-02 13:04 - 2014-10-04 19:21 - 00001034 _____ () C:\Users\admin\Desktop\Parcus EN Shaw.lnk
2014-10-02 11:19 - 2014-10-04 19:21 - 00001030 _____ () C:\Users\admin\Desktop\PARCUS.CH BELL EN.lnk
2014-10-02 10:51 - 2014-09-24 16:00 - 00000130 _____ () C:\Users\admin\Desktop\Moneny Converter.url
2014-10-02 10:25 - 2014-10-04 19:21 - 00001034 _____ () C:\Users\admin\Desktop\Parcus DE ShAW.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 16:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2014-10-23 02:54 - 2014-03-18 02:53 - 00958356 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-23 02:49 - 2013-08-22 07:46 - 00027584 _____ () C:\Windows\setupact.log
2014-10-23 02:49 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 02:48 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-22 12:38 - 2014-05-06 16:20 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-22 12:32 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-22 12:05 - 2014-06-17 07:06 - 00000000 ____D () C:\Users\Public\CyberLink
2014-10-22 12:04 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-10-20 07:57 - 2014-03-18 02:44 - 00277294 _____ () C:\Windows\PFRO.log
2014-10-19 20:54 - 2014-06-17 06:47 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-19 20:40 - 2014-06-17 06:57 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-10-19 20:39 - 2014-06-17 06:58 - 00000000 ____D () C:\ProgramData\CyberLink
2014-10-19 20:39 - 2014-03-31 18:07 - 00000000 ____D () C:\SWSetup
2014-10-19 20:35 - 2014-06-17 06:36 - 00043082 _____ () C:\Windows\DPINST.LOG
2014-10-17 17:00 - 2014-05-06 16:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-16 19:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache
2014-10-16 19:00 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-16 18:58 - 2014-03-18 02:38 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\system32\winrm
2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\system32\slmgr
2014-10-16 18:58 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ___SD () C:\Windows\system32\dsc
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\WinStore
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Com
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\MUI
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\migwiz
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Com
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\IME
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\Help
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-10-16 18:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 18:58 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\servicing
2014-10-10 11:05 - 2013-08-22 07:44 - 00486032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-10 11:03 - 2014-05-06 16:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-10-10 11:03 - 2014-03-18 02:38 - 00000000 ____D () C:\Windows\ShellNew
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 __RSD () C:\Windows\Media
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ToastData
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Bthprops
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\setup
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Bthprops
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\FileManager
2014-10-10 11:03 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\Camera
2014-10-10 11:02 - 2014-06-17 06:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-10-10 11:02 - 2014-05-06 16:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-10-10 11:02 - 2014-05-06 16:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-10-10 11:02 - 2014-05-06 16:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-10-10 10:52 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\registration
2014-10-10 10:44 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-10-09 09:55 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-10-09 09:55 - 2014-03-18 02:25 - 00000000 ____D () C:\Windows\system32\WCN
2014-10-07 08:32 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-05 17:28 - 2007-04-27 09:43 - 00120200 _____ () C:\Windows\SysWOW64\DLLDEV32i.dll
2014-10-05 11:27 - 2013-08-22 06:25 - 00000220 _____ () C:\Windows\win.ini
2014-10-05 11:25 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\System
2014-10-05 10:38 - 2014-06-17 06:36 - 00001332 _____ () C:\Windows\Synaptics.log
2014-10-05 10:19 - 2014-05-06 16:17 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-04 19:09 - 2014-05-06 16:41 - 00000000 ___HD () C:\HP
2014-10-04 18:57 - 2014-08-30 21:23 - 00000000 ____D () C:\Users\admin\Desktop\Tausch boersen
2014-10-04 16:12 - 2014-04-02 02:27 - 00000000 __SHD () C:\Recovery
2014-10-04 16:12 - 2013-08-22 08:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-10-04 15:58 - 2014-05-06 16:30 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-04 15:53 - 2014-06-17 07:08 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-04 15:53 - 2014-06-17 07:08 - 00000000 ____D () C:\Program Files\mcafee
2014-10-04 15:53 - 2014-06-17 07:08 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-10-04 15:53 - 2014-06-17 07:08 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-04 15:40 - 2014-06-17 06:59 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-04 15:38 - 2014-06-17 06:59 - 00000000 ____D () C:\ProgramData\WildTangent
2014-10-04 15:38 - 2014-06-17 06:59 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-10-04 15:34 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-04 15:31 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\restore
2014-10-04 15:28 - 2014-05-06 16:29 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-10-04 15:28 - 2014-03-31 18:07 - 00000000 ___HD () C:\SYSTEM.SAV
2014-10-04 15:27 - 2014-04-02 03:25 - 00000000 ____D () C:\Windows\Panther
2014-10-04 15:16 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Recovery
2014-10-04 15:15 - 2014-04-02 02:52 - 00010342 _____ () C:\Windows\iis.log
2014-10-04 15:15 - 2013-08-22 08:37 - 00005496 _____ () C:\Windows\DtcInstall.log

Some content of TEMP:
====================
C:\Users\admin\AppData\Local\Temp\avgnt.exe
C:\Users\admin\AppData\Local\Temp\Extract.exe
C:\Users\admin\AppData\Local\Temp\Quarantine.exe
C:\Users\admin\AppData\Local\Temp\SP67263.exe
C:\Users\admin\AppData\Local\Temp\SP67447.exe
C:\Users\admin\AppData\Local\Temp\sqlite3.dll
C:\Users\Work\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-21 08:52

==================== End Of Log ============================

And here is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by admin at 2014-10-23 16:07:46
Running from C:\Users\admin\Desktop\VIRUSFOLDER
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.223.215.5 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9810 - Broadcom Corporation)
CIB pdf brewer (HKLM\...\{E9E6A9B7-89B7-41D3-90A1-710E82427097}) (Version: 2.6.0034 - CIB software GmbH)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6021.5000 - Microsoft Corporation)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.6.3728 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.4.4824 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.6.3821 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3604 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.6.3604 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.4.4223 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.3.3907 - CyberLink Corp.) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
FTP Voyager 11.2 (HKLM-x32\...\FTP Voyager_is1) (Version:  - RhinoSoft.com)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 1.16.1420 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP SimplePass (Version: 8.01.11 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.9.1000 - Intel Corporation) Hidden
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{455E207E-5625-4D07-A420-CAF153BEC7E9}) (Version: 4.3.2.0 - MAGIX AG)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden
MAGIX Music Maker Soundtrack Edition (Demosongs) (HKLM-x32\...\MAGIX_{7008FDC2-9B1A-4398-BE02-5365B578471A}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker Soundtrack Edition (Demosongs) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker Soundtrack Edition (HKLM-x32\...\MAGIX_{13608872-D05A-43C8-A9A3-F565B504DD61}) (Version: 19.0.3.46 - MAGIX AG)
MAGIX Music Maker Soundtrack Edition (Synthesizer und Effekte) (HKLM-x32\...\MAGIX_{0DE9B74C-4FF3-4AFF-8026-58CE0DA157EF}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Music Maker Soundtrack Edition (Synthesizer und Effekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Music Maker Soundtrack Edition (Version: 19.0.3.46 - MAGIX AG) Hidden
MAGIX Music Maker Soundtrack Edition Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{8B8BF55D-6561-4911-A7C1-33D90F3FB989}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X6 (Designelemente) (HKLM\...\MX.{B819C28D-D7A1-4A73-B97D-BCEC5616BB4A}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video Pro X6 (Designelemente) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video Pro X6 (Filmvorlagen) (HKLM\...\MX.{3FB5F487-B8A5-46E4-872D-2CDA114466F4}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video Pro X6 (Filmvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video Pro X6 (HKLM\...\MX.{CBC84EDA-E830-4240-9392-325C3E6D5DCA}) (Version: 13.0.4.2 - MAGIX Software GmbH)
MAGIX Video Pro X6 (Individuelle Menüvorlagen) (HKLM\...\MX.{46014C2A-4768-4171-9FDE-9DF30836D387}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video Pro X6 (Individuelle Menüvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video Pro X6 (Menüvorlagen) (HKLM\...\MX.{C631DC28-575A-422B-AA9C-829834486F38}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video Pro X6 (Menüvorlagen) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video Pro X6 (proDAD Mercalli V2) (HKLM\...\MX.{A90FD7D9-5A48-4350-BA1C-E39390D158B7}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video Pro X6 (proDAD Mercalli V2) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video Pro X6 (Soundtrack Maker-Stile) (HKLM\...\MX.{55A35129-47E9-4E81-9B98-775D631794AC}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video Pro X6 (Soundtrack Maker-Stile) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video Pro X6 (Titeleffekte) (HKLM\...\MX.{4D0530E3-9918-4264-8108-B3B7E8F7B910}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video Pro X6 (Titeleffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video Pro X6 (Überblendeffekte) (HKLM\...\MX.{56DE2115-3FF0-42CD-91A1-9BA4C9C7B8CA}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video Pro X6 (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video Pro X6 (Version: 13.0.4.2 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
proDAD Heroglyph 4.0 (64bit) (HKLM\...\proDAD-Heroglyph-4.0) (Version: 4.0.225.1 - proDAD GmbH)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
RoboForm 7-9-10-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.5.2 - Synaptics Incorporated)
TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.2 - Helios)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Tiger-Basic 5.4 (HKLM-x32\...\{013EDBA6-4A8F-4312-AAB6-899E18CC727D}) (Version: 5.4 - Wilke Technology)
Virtuosa (HKLM-x32\...\{38749CB9-FFC0-402E-8F95-519BDFE3784C}) (Version:  - )
Vita String Ensemble (Version: 1.0.0.0 - MAGIX AG) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4027528453-55454652-140910116-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4027528453-55454652-140910116-1001_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files (x86)\TextPad 5\System\shellext64.dll (Helios Software Solutions)

==================== Restore Points  =========================

17-10-2014 01:56:30 Language Pack Removal
20-10-2014 03:33:19 HPSF Applying updates
20-10-2014 15:18:38 After 3 Virus Scans
22-10-2014 18:42:56 Installed PL-2303 USB-to-Serial

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21199D4C-F9E7-4A63-8AFD-C469861365D8} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
Task: {35AE8B4D-BB31-4510-B4CA-9CFC006CA44D} - System32\Tasks\HPCeeScheduleForadmin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BBAE78D-47D3-45A9-B808-AE983E04D144} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {45CA5759-8347-4587-9D16-D3548417514B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A371C66-B995-4688-9077-6271C0944117} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D2DBD32-1CA9-4346-B91A-DA00590EFC97} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {745B5281-77F7-4B30-A73D-39535AAA94A5} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\admin\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-10-02] ()
Task: {75C81151-868D-4A6A-9C1A-F198F9150FE0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-10-04] (Siber Systems)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9120AA4C-7769-4C05-8D6B-0067E8CBFE63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {98292BAF-42C3-4FC1-9056-7EB1EE3B3C57} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B581F837-7EA6-4C2F-856F-003690D563C7} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe
Task: {B64C53FD-77F1-4C5D-A1C0-FEA08F270A45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {CBDA51B5-18F3-4C3F-BBAD-09E7E42FDD0E} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {CC3E1CC1-ED6C-46D1-8440-8D8D9366178C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMJMNMNJJMKMMJNMNJCNOMMJLMJJCNLMMJIMJMCNGMIMLMLJCNOJLMOMLMIMMMMMGMPMKMNMLJJNJICMIMCNGMCNOMPMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMLMFMOMNMKJPMOMFMPMJNHICMOMNMKJPMOMJNBJCMOJLJCJGJBJJNKJCMJNNICMJNDJCMLJKJJNMJCMIMFMMMOMOMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D352DA66-6B83-46D8-9915-8E7B856C5978} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {D5C4B467-1043-4A53-BAB6-B71D4330F478} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D9E9CAEA-5E4F-478E-A29F-82F67C4C95BF} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\HPCeeScheduleForadmin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-12-04 08:44 - 2013-12-04 08:44 - 00200168 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 08:44 - 2013-12-04 08:44 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 08:44 - 2013-12-04 08:44 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-06-17 06:36 - 2013-12-10 08:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-10-04 11:34 - 2003-09-09 06:59 - 00049221 ____R () A:\MAIL\Parcus.CA\EuLang.dll
2014-10-04 11:34 - 2003-09-09 07:00 - 00049152 ____R () A:\MAIL\Parcus.CA\xmlparse.dll
2014-10-04 11:34 - 2003-09-09 07:00 - 00061532 ____R () A:\MAIL\Parcus.CA\plstclnt.dll
2014-10-04 11:34 - 2003-09-09 07:00 - 00073728 ____R () A:\MAIL\Parcus.CA\xmltok.dll
2014-10-04 11:35 - 2003-09-09 07:00 - 00011264 ____R () A:\MAIL\Parcus.CA\Plugins\Unwrap32.dll
2014-10-04 15:58 - 2014-09-23 22:09 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"

========================= Accounts: ==========================

admin (S-1-5-21-4027528453-55454652-140910116-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-4027528453-55454652-140910116-500 - Administrator - Disabled)
Guest (S-1-5-21-4027528453-55454652-140910116-501 - Limited - Disabled)
Work (S-1-5-21-4027528453-55454652-140910116-1002 - Limited - Enabled) => C:\Users\Work

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/22/2014 00:27:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 6.3.9600.16384, time stamp: 0x5215ef8f
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000374
Fault offset: 0x00000000000f8c9c
Faulting process id: 0xf14
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report Id: mmc.exe3
Faulting package full name: mmc.exe4
Faulting package-relative application ID: mmc.exe5

Error: (10/12/2014 03:13:42 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook

Error: (10/12/2014 03:13:42 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: Outlook8

Error: (10/12/2014 03:13:38 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_2.0.50727

Error: (10/12/2014 03:13:38 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: ASP.NET_2.0.507278

Error: (10/10/2014 01:35:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Helios)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/10/2014 00:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1460) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Windows\system32\SRU\SRU00039.log.

Error: (10/10/2014 11:06:16 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (10/10/2014 10:40:03 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!

Error: (10/10/2014 10:27:12 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: The keyfile contains no valid license. The service will be stopped!


System errors:
=============
Error: (10/23/2014 08:19:25 AM) (Source: DCOM) (EventID: 10010) (User: Helios)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/22/2014 04:05:26 AM) (Source: DCOM) (EventID: 10010) (User: Helios)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/22/2014 04:04:56 AM) (Source: DCOM) (EventID: 10010) (User: Helios)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/21/2014 08:53:43 AM) (Source: DCOM) (EventID: 10010) (User: Helios)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/21/2014 08:53:13 AM) (Source: DCOM) (EventID: 10010) (User: Helios)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/20/2014 07:57:00 AM) (Source: DCOM) (EventID: 10010) (User: Helios)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (10/20/2014 02:42:00 AM) (Source: DCOM) (EventID: 10010) (User: Helios)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/20/2014 02:41:30 AM) (Source: DCOM) (EventID: 10010) (User: Helios)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/19/2014 05:42:20 PM) (Source: DCOM) (EventID: 10010) (User: Helios)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/19/2014 05:41:50 PM) (Source: DCOM) (EventID: 10010) (User: Helios)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (10/22/2014 00:27:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mmc.exe6.3.9600.163845215ef8fntdll.dll6.3.9600.17031530895afc000037400000000000f8c9cf1401cfee2e0463e09bC:\Windows\system32\mmc.exeC:\Windows\SYSTEM32\ntdll.dll672191ba-5a21-11e4-8267-142d27d89946

Error: (10/12/2014 03:13:42 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook

Error: (10/12/2014 03:13:42 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: Outlook8

Error: (10/12/2014 03:13:38 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: ASP.NET_2.0.50727

Error: (10/12/2014 03:13:38 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: ASP.NET_2.0.507278

Error: (10/10/2014 01:35:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Helios)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147009284

Error: (10/10/2014 00:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1460SRUJet: C:\Windows\system32\SRU\SRU00039.log-1811 (0xfffff8ed)

Error: (10/10/2014 11:06:16 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: 0x0

Error: (10/10/2014 10:40:03 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: 0x0

Error: (10/10/2014 10:27:12 AM) (Source: Avira Antivirus) (EventID: 4117) (User: NT AUTHORITY)
Description: 0x0


==================== Memory info ===========================

Processor: Intel® Core i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 20%
Total physical RAM: 8122.15 MB
Available physical RAM: 6469.41 MB
Total Pagefile: 9402.15 MB
Available Pagefile: 7313.67 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive a: (LOCAL-DATA) (Fixed) (Total:488.28 GB) (Free:471.29 GB) NTFS
Drive c: (Windows) (Fixed) (Total:421.42 GB) (Free:371.46 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:20.79 GB) (Free:2.09 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3879746A)

Partition: GPT Partition Type.

==================== End Of Log ============================


Step 1


  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
alert.exe;alert*
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

OK, here it is:


Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by admin at 2014-10-24 18:41:36
Running from C:\Users\admin\Desktop\VIRUSFOLDER
Boot Mode: Normal

================== Search Files: "alert.exe;alert*" =============

C:\Windows\WinSxS\x86_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.9600.16384_none_9da90240751f2083\alert_lrg.gif
[2013-08-21 16:36][2013-06-18 05:28] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed]

C:\Windows\WinSxS\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.3.9600.16384_none_c9cc80e8dd21050c\alert_lrg.gif
[2014-04-02 02:50][2014-03-18 03:59] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed]

C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.9600.16384_none_55fbcb6960a2f77d\alert_lrg.gif
[2013-08-21 23:41][2013-06-18 07:46] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed]

C:\Windows\WinSxS\amd64_netfx4-aspnet_webadmin_images_b03f5f7f11d50a3a_4.0.9600.16384_none_55fbcb6960a2f77d\alert_sml.gif
[2013-08-21 23:41][2013-06-18 07:46] 0000049 ____A () 2FB408FA4E066829075E6DFB2619464F [File is signed]

C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.3.9600.16384_none_821f4a11c8a4dc06\alert_lrg.gif
[2014-04-02 02:50][2014-03-18 03:59] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed]

C:\Windows\WinSxS\amd64_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.3.9600.16384_none_821f4a11c8a4dc06\alert_sml.gif
[2014-04-02 02:50][2014-03-18 03:59] 0000049 ____A () 2FB408FA4E066829075E6DFB2619464F [File is signed]

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif
[2013-08-22 08:36][2013-08-22 08:34] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed]

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_sml.gif
[2013-08-22 08:36][2013-08-22 08:34] 0000049 ____A () 2FB408FA4E066829075E6DFB2619464F [File is signed]

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif
[2014-04-02 02:50][2014-04-02 02:50] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed]

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_sml.gif
[2014-04-02 02:50][2014-04-02 02:50] 0000049 ____A () 2FB408FA4E066829075E6DFB2619464F [File is signed]

C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\Images\alert_lrg.gif
[2013-08-22 08:36][2013-08-22 08:34] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed]

C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Images\alert_lrg.gif
[2014-04-02 02:50][2014-04-02 02:50] 0000952 ____A () 5C9FF140C1AE94E76B2FC4DFFC19E5BF [File is signed]

C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\POT94FGU\alertset_warning[1].png
[2014-10-04 15:49][2014-10-04 15:49] 0000332 ____A () 85C7B4FFD6B4E6C96AAC14CD6E2535A2

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_BatteryReplace.xml
[2014-10-05 15:06][2011-06-14 15:04] 0006127 ____A () 5F6D786FCE5A5C672F09DB57CDF32347

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_BatteryReplace_Warranty.xml
[2014-10-05 15:06][2011-06-14 15:04] 0005888 ____A () B53B826A75234319194EE2128DB53F2A

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_GuestEnabled.xml
[2014-10-05 15:06][2014-02-12 17:00] 0001976 ____A () F0A50BA32FDF40C4BFB4684E4E2E698A

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_HPHotFixScan.xml
[2014-10-05 15:06][2011-06-14 15:04] 0002615 ____A () B271D7C547D19831FD6A08774BE0313D

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_LowDiskSpaceC.xml
[2014-10-05 15:06][2013-10-25 17:26] 0006667 ____A () 278DDB3D5CE96214050B00ACDF9C43C4

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_LowDiskSpaceC_US.xml
[2014-10-05 15:06][2013-02-05 14:00] 0008073 ____A () 68A43DA484206C61E1A180D2A8850134

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_OrderBattery.xml
[2014-10-05 15:06][2011-10-27 23:29] 0002791 ____A () AB1414411EDD24B676E9C75CDCF31ADA

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_SandyBridgeNB.xml
[2014-10-05 15:06][2011-06-14 15:04] 0001751 ____A () EB679A587A37CBAB62CDC269FAF4DAB5

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Solutions\en-US\Alert_styles.css
[2014-10-05 15:06][2012-07-02 20:11] 0000518 ____A () 0CE567DD6DCACC6115358CE8F2E6593C

C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\scripts\AlertErrorHandler.js
[2014-02-24 11:54][2014-02-24 11:54] 0000131 ____A () 094E8AE6DEFC9E3AFC16F6AC1613CDAC

C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\scripts\loggers\AlertLogger.js
[2014-02-24 11:54][2014-02-24 11:54] 0000341 ____A () 940AA5E5EF7CFE6F7D2FC70E725268CD

C:\Program Files (x86)\Avira\My Avira\pages\notification\images\alert.png
[2014-09-23 14:44][2014-09-23 14:44] 0000918 ____A () 889CD01725FE90E375D2B7EBA31917AA

C:\Program Files (x86)\Avira\AntiVir Desktop\alertcat.htm
[2014-10-19 20:57][2014-09-24 12:44] 0003321 ____A () 8727DA629C0CA9FFD80E2584CF2C640F

C:\Program Files (x86)\Avira\AntiVir Desktop\alerttyp.htm
[2014-10-19 20:57][2014-09-24 12:44] 0002952 ____A () 08CBD9C6418CCC1E5641E9733F576160

C:\Program Files (x86)\Avira\AntiVir Desktop\alertvir.htm
[2014-10-19 20:57][2014-09-24 12:44] 0002980 ____A () F440176E30E30F939C5C4620A10B6C22

C:\Program Files (x86)\Avira\AntiVir Desktop\alert_level.gif
[2014-10-19 20:57][2014-09-24 12:44] 0018648 ____A () 1814AA4312B79F74888B0CB7E6A3A620

====== End Of Search ======


Hi,

Download Malwarebytes Anti-Rootkit to your Desktop.

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

Could not find a virus, but here are the requested log files:


Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.26.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17105
admin :: HELIOS [administrator]

2014-10-25 8:18:38 PM
mbar-log-2014-10-25 (20-18-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 368184
Time elapsed: 12 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


And here is the system log:


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17105

File system is: NTFS
Disk drives: A:\ DRIVE_FIXED, C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8516689920, free: 6573805568

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17105

File system is: NTFS
Disk drives: A:\ DRIVE_FIXED, C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8516689920, free: 6589341696

Initializing...
======================
Could not initialize database
Downloaded database version: v2014.10.26.01
Canceled update
Downloaded database version: v2014.10.26.01
Downloaded database version: v2014.10.22.01
Initializing...
=======================================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 3879746A

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2451164161
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 383ca5d5-1efc-4744-a36b-c98b1b19b362
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2451164161
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 383ca5d5-1efc-4744-a36b-c98b1b19b362
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 5d2c5546-c32b-43c0-8cd8-f73c5fbfdbd7
    FirstLBA 2048  Last LBA 1333247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID d1ae61a4-b122-4b9d-a44c-f86290d8e387
    FirstLBA 1333248  Last LBA 1865727
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 9e0efc09-8531-42d3-a86f-299e8ec367da
    FirstLBA 1865728  Last LBA 2127871
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 3e405be2-9d9e-4ae8-adf0-3cf96aef322c
    FirstLBA 2127872  Last LBA 885909503
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 8474eb32-b97-4dec-84a0-42f7f6f88bef
    FirstLBA 885909504  Last LBA 1909905407
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID f6cb00ef-9e5b-43ff-a0da-1dd116d69972
    FirstLBA 1909907456  Last LBA 1953513471
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 

 


Could not find a virus, but here are the requested log files:

Just to be on the safe side... :)

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:

    CloseProcesses:
    Task: {745B5281-77F7-4B30-A73D-39535AAA94A5} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\admin\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-10-02] ()
    Task: {B581F837-7EA6-4C2F-856F-003690D563C7} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe
    C:\Program Files (x86)\Developerts LLC\Secure Fast PC
    2014-10-04 15:57 - 2014-10-04 15:57 - 00004002 _____ () C:\Windows\System32\Tasks\Secure Fast PC Auto Updater
    2014-10-04 15:57 - 2014-10-04 15:57 - 00003558 _____ () C:\Windows\System32\Tasks\Secure Fast PC Autorun
    2014-10-04 15:57 - 2014-10-04 15:57 - 00000000 ____D () C:\Users\admin\AppData\Local\Developerts_LLC
    2014-10-04 15:56 - 2014-10-04 16:00 - 00000000 ____D () C:\Users\admin\AppData\Roaming\Developerts LLC USA
    EmptyTemp:
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it in your reply.

After the Reboot:

Let's do a final check-up:

Step 2

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

    (settings screenshot)

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created; its location is shown in the screenshot (logpath.png).

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


 

 

Can you please tell me which problems still persist now?

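The fixlist above removes two scheduled tasks that FRST reported as "Task:" lines, one of which runs an executable out of the user's AppData folder with no publisher recorded. The following is an added example, not code from this thread, from FRST or from Malwarebytes, showing how a defender can parse such "Task:" lines from an FRST log and triage them automatically. The line format is taken from the entries in the fixlist; the two triage heuristics (target in a user-writable directory, no publisher name in FRST's parentheses) are my own assumptions about what merits a second look, and the third sample line with an all-zero GUID and "Example Vendor" is a constructed benign entry, not from the page.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample input: the two "Task:" lines from the fixlist in this
# thread, the directives that surround them, and one made-up benign entry
# (placeholder GUID and vendor) so the triage has something to leave alone.
SAMPLE_FRST_LINES = r"""
CloseProcesses:
Task: {745B5281-77F7-4B30-A73D-39535AAA94A5} - System32\Tasks\Secure Fast PC Auto Updater => C:\Users\admin\AppData\Roaming\Developerts LLC USA\SFPC Auto Updater.exe [2014-10-02] ()
Task: {B581F837-7EA6-4C2F-856F-003690D563C7} - System32\Tasks\Secure Fast PC Autorun => C:\Program Files (x86)\Developerts LLC\Secure Fast PC\Secure Fast PC.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example Vendor Updater => C:\Program Files\Example Vendor\Updater.exe [2014-09-10] (Example Vendor Inc.)
EmptyTemp:
"""

# FRST "Task:" line as it appears in the fixlist:
#   Task: {GUID} - System32\Tasks\<name> => <target> [<file date>] (<publisher>)
# The date and the parenthesised publisher are optional (the second sample
# line has neither).
TASK_RE = re.compile(
    r"^Task:\s*\{(?P<guid>[0-9A-Fa-f-]+)\}\s*-\s*"
    r"(?P<taskpath>System32\\Tasks\\[^=]*?)\s*=>\s*"
    r"(?P<target>.*?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<publisher>[^)]*)\))?\s*$"
)


class TaskEntry(NamedTuple):
    guid: str
    task_path: str
    target: str
    date: Optional[str]       # None when FRST printed no [date]
    publisher: Optional[str]  # None when no (...) was printed, "" when it was empty


def parse_frst_tasks(text: str) -> List[TaskEntry]:
    """Return every parseable Task: entry; directives and file lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = TASK_RE.match(raw.strip())
        if not m:
            continue
        entries.append(TaskEntry(
            guid=m.group("guid"),
            task_path=m.group("taskpath"),
            target=m.group("target"),
            date=m.group("date"),
            publisher=m.group("publisher"),
        ))
    return entries


# Assumed heuristic: scheduled tasks whose action lives in a directory any
# user can write to are a common persistence pattern for PUPs and malware.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def triage_tasks(text: str) -> List[Tuple[TaskEntry, List[str]]]:
    """Flag tasks with at least one suspicious trait, with the reasons."""
    flagged = []
    for entry in parse_frst_tasks(text):
        reasons = []
        target = entry.target.lower()
        if any(marker in target for marker in USER_WRITABLE_MARKERS):
            reasons.append("target lives in a user-writable directory")
        if not entry.publisher:
            reasons.append("FRST recorded no publisher for the target")
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage_tasks(SAMPLE_FRST_LINES):
        print(f"{entry.task_path}\n  -> {entry.target}\n  {'; '.join(reasons)}")
```

Run against the sample, the two "Secure Fast PC" tasks are flagged and the constructed vendor updater is not; on a real FRST.txt you would feed the whole Addition/FRST log text in and review the flagged entries by hand before writing any fixlist.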

(4 weeks later)

Root Admin:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
