Hello Juergen,
Thank you for taking on my case.
Here is the Rem-VBS.log:
Code:
Rem-VBSworm v4.0
======================================================== - General info:
Ran by User1 on profile C:\Users\User1
Ran on User1-PC
IPv4: 192.168.1.188
IPv4: 192.168.56.1
IPv4: 192.168.59.3
IPv4: 192.168.73.1
IPv4: 192.168.40.1
Microsoft Windows 7 Professional N
Normal boot
Fri 05/22/2015
17:10:48.48
======================================================== - Drive info:
Listing currently attached drives:
Caption Description VolumeName
C: Local Fixed Disk
D: Local Fixed Disk WinData
E: CD-ROM Disc
Physical drives information:
C: \Device\HarddiskVolume2 NTFS
D: \Device\HarddiskVolume5 NTFS
======================================================== - Disinfection info:
Panda USB Vaccine was downloaded!
Cleaning all TEMP files...
Disabling Autorun...
Temporarily disabling the WSH...
Windows Script Host disabled!
Fixing system/user policies and registry hijacks...
Killing, hijacking and deleting malicious processes and files...:
Adding image hijacks...
Deleting malicious Run keys...
Killing malicious processes...
SUCCESS: The process "rundll32.exe" with PID 4624 has been terminated.
SUCCESS: The process "rundll32.exe" with PID 4724 has been terminated.
INFO: No tasks running with the specified criteria.
INFO: No tasks running with the specified criteria.
Deleting malicious files...
Deleted file - C:\ProgramData\Lexware\buchhalter\Formular\XMLExport\excel.vbs
Deleted file - C:\ProgramData\Lexware\buchhalter\Formular\XMLExport\ie.vbs
Deleted file - C:\ProgramData\Lexware\buchhalter\Formular\XMLExport\word.vbs
Deleted file - C:\ProgramData\Tavultesoft\Keyman Engine 8.0\Keyboard\_Package\gff-tir-ER-powerpack-7\uninst.vbs
Windows Script Host re-enabled!
Done cleaning up infection!
========================================================
h: selected
Listing root contents of h:
Volume in drive H is MMENGHESTAB
Volume Serial Number is 130C-F902
Directory of H:\
05/08/2012 04:20 PM <DIR> GeezDisc
02/20/2013 10:45 PM <DIR> Logos Bible
05/23/2013 01:32 PM 441,344 BAPTISM.DOC
10/09/2013 07:28 PM <DIR> Software
10/17/2013 01:00 AM <DIR> SQL Server 2012 Express Management Studio with Service Pack 1 (x64) - (English)
10/18/2013 02:54 PM <DIR> windows6 1-KB976932-X86
11/08/2013 09:07 AM <DIR> syslinux
11/08/2013 09:07 AM <DIR> live
11/08/2013 09:07 AM <DIR> EFI
11/08/2013 09:07 AM <DIR> .disk
11/08/2013 09:07 AM <DIR> isolinux
11/08/2013 09:07 AM <DIR> utils
11/08/2013 09:08 AM 32,768 ldlinux.sys
11/15/2013 03:18 PM <DIR> automated vm scripts
12/03/2013 03:46 PM <DIR> FOUND.000
02/08/2014 09:55 AM <DIR> System Volume Information
06/24/2014 12:25 PM <DIR> FZF
06/27/2014 01:33 PM <DIR> CopyShop
07/16/2014 04:40 PM <DIR> BelegeUeberImmobilienSuche
04/29/2015 02:08 PM 712,192 Board Constitution Revised Nr-4.Old.doc
05/05/2015 01:22 PM <DIR> FormsCertificates
05/06/2015 01:32 PM 1,938,458 scan.pdf
05/16/2015 11:22 PM 22,471 2015EGGEKalender.xlsx
05/21/2015 09:49 AM 290,619,392 .HPIMAGE.VFS
05/21/2015 10:46 AM 216,707 Andom_Nisghina_Tekle.pdf
05/22/2015 10:58 AM 29,297 Virus.tar.gz
05/22/2015 11:01 AM <DIR> Verschiedenes
05/22/2015 11:29 AM 926,208 Board Constitution Revised Nr-5.doc
05/22/2015 11:30 AM 0 virustotal.txt
05/22/2015 11:34 AM 208,384 BordConstitutionCover.doc
05/22/2015 08:05 PM 0 AUTORUN_.INF
12 File(s) 295,147,221 bytes
19 Dir(s) 8,578,334,720 bytes free
Modifying files...
USB drive disinfected!
========================================================
Scan finished at:
20:10:06.09
Send this log only if requested.
========================================================
Made by @bartblaze
Tool to delete VBS autorun worm and unhide files
Info: hxxp://bartblaze.blogspot.com/2014/02/remediate-vbs-malware.html

Here are the FRST logs:
FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-05-2015
Ran by User1 (administrator) on User1-PC on 22-05-2015 20:12:30
Running from C:\Users\User1\Desktop
Loaded Profiles: User1 (Available profiles: User1 & User2)
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
() C:\ProgramData\airtel mobile broadband\OnlineUpdate\ouc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Akamai Technologies, Inc.) C:\Users\User1\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Akamai Technologies, Inc.) C:\Users\User1\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Tavultesoft) C:\Program Files (x86)\Common Files\Tavultesoft\Keyman Engine 8.0\keyman.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Tavultesoft) C:\Program Files (x86)\Common Files\Tavultesoft\Keyman Engine 8.0\keymanx64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM-x32\...\Run: [PSQLLauncher] => C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [86312 2013-03-05] (Authentec Inc.)
HKLM-x32\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-03-18] (Lenovo)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2004360 2015-04-23] (APN)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-13] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\...\Run: [desktop_pro.pxx] => C:\Program Files (x86)\Tavultesoft\Keyman Desktop 8.0\kmshell.exe [1724808 2013-09-18] (Tavultesoft)
HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\...\Run: [FreeCall] => "C:\Program Files (x86)\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User1\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\...\MountPoints2: {156593e4-88d4-11e4-b35c-f0def1190e08} - F:\autorun.exe
HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\...\MountPoints2: {156594ae-88d4-11e4-b35c-f0def1190e08} - F:\autorun.exe
HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\...\MountPoints2: {313c57de-802c-11e4-aa9c-002710dc9864} - F:\AutoRun.exe
HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\...\MountPoints2: {313c57e9-802c-11e4-aa9c-002710dc9864} - F:\AutoRun.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll ACGina
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-10-18]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll [2015-04-23] (APN LLC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll [2015-04-23] (APN LLC.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll [2015-04-23] (APN LLC.)
Toolbar: HKU\S-1-5-21-3091468761-2761277806-1813091140-1000 -> Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll [2015-04-23] (APN LLC.)
Tcpip\..\Interfaces\{8F0A70B0-0BAD-46B7-AA01-496416BC402B}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{E7E4C481-B15F-4FCA-AA82-1A97ACD9E913}: [NameServer] 213.55.96.148 8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\guest
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-21] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-21] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll [2010-05-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3091468761-2761277806-1813091140-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\jpqz9jut.default\user.js [2009-08-14]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2013-06-18] (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\jpqz9jut.default\searchplugins\ask.xml [2009-06-04]
FF Extension: Avira Browser Safety - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\jpqz9jut.default\Extensions\abs@avira.com [2014-11-20]
FF Extension: Aquatint Black - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\jpqz9jut.default\Extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66} [2013-08-12]
FF Extension: mediaplayerconnectivity - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\jpqz9jut.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2013-08-12]
FF Extension: NoScript - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\jpqz9jut.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-08-12]
FF Extension: Adblock Plus - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\jpqz9jut.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-12]
FF Extension: Tab Mix Plus - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\jpqz9jut.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-08-12]
FF Extension: DownThemAll! - C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\jpqz9jut.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-08-12]
FF HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchURL: Default -> hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=F394E450-83EA-4CB3-A851-534BA47DB1C2&apn_ptnrs=U3&apn_sauid=09DDB095-D1D8-4322-A629-BE7A3AE65B94&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR Profile: C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-08-12]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2015-04-09]
CHR Extension: (Google Docs) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-12]
CHR Extension: (Google Drive) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-12]
CHR Extension: (YouTube) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-12]
CHR Extension: (Google Search) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-12]
CHR Extension: (Bookmark Manager) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Google Wallet) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-12]
CHR Extension: (Gmail) - C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-12]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2015-04-28]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 airtel mobile broadband. RunOuc; C:\Program Files (x86)\airtel mobile broadband\UpdateDog\ouc.exe [657504 2012-11-12] ()
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [178568 2015-04-23] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-06-26] (Lenovo.)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2013-08-06] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-05-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-08-06] (Disc Soft Ltd)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44784 2013-05-29] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-22 20:12 - 2015-05-22 20:13 - 00022423 _____ () C:\Users\User1\Desktop\FRST.txt
2015-05-22 20:12 - 2015-05-22 13:37 - 02108416 _____ (Farbar) C:\Users\User1\Desktop\FRST64.exe
2015-05-22 20:11 - 2015-05-22 20:11 - 00004341 _____ () C:\Users\User1\Desktop\Rem-VBS.log
2015-05-22 20:04 - 2015-05-22 20:04 - 00000000 ____D () C:\ProgramData\Panda Security
2015-05-22 20:03 - 2015-05-22 20:03 - 00003108 _____ () C:\Windows\System32\Tasks\PandaUSBVaccine
2015-05-22 20:03 - 2015-05-22 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-05-22 20:03 - 2015-05-22 20:03 - 00000000 ____D () C:\Program Files (x86)\Panda USB Vaccine
2015-05-22 20:02 - 2015-05-22 20:03 - 00848856 _____ (Panda Security ) C:\Users\User1\Desktop\USBVaccineSetup.exe
2015-05-22 17:10 - 2015-05-22 20:10 - 00004350 _____ () C:\Rem-VBS.log
2015-05-22 17:10 - 2015-05-22 17:10 - 00098816 _____ (bartblaze) C:\Users\User1\Desktop\Rem-VBSworm_4.0.exe
2015-05-22 17:00 - 2015-05-22 17:00 - 00475336 _____ () C:\Windows\Minidump\052215-20061-01.dmp
2015-05-22 15:20 - 2015-05-22 15:20 - 00050445 _____ () C:\Users\User1\Downloads\gmer.log
2015-05-22 15:06 - 2015-05-22 15:06 - 00477976 _____ () C:\Windows\Minidump\052215-21216-01.dmp
2015-05-22 13:59 - 2015-05-22 13:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-22 13:52 - 2015-05-22 14:06 - 00032697 _____ () C:\Users\User1\Downloads\Addition.txt
2015-05-22 13:51 - 2015-05-22 13:51 - 00019213 _____ () C:\Users\User1\Downloads\Downloads.rar
2015-05-22 13:40 - 2015-05-22 14:06 - 00046269 _____ () C:\Users\User1\Downloads\FRST.txt
2015-05-22 13:39 - 2015-05-22 20:12 - 00000000 ____D () C:\FRST
2015-05-22 13:38 - 2015-05-22 13:38 - 00380416 _____ () C:\Users\User1\Downloads\Gmer-19357.exe
2015-05-22 13:38 - 2015-05-22 13:38 - 00000548 _____ () C:\Users\User1\Downloads\defogger_disable.log
2015-05-22 13:38 - 2015-05-22 13:38 - 00000168 _____ () C:\Users\User1\defogger_reenable
2015-05-22 13:37 - 2015-05-22 13:37 - 02108416 _____ (Farbar) C:\Users\User1\Downloads\FRST64.exe
2015-05-22 13:37 - 2015-05-22 13:37 - 00050477 _____ () C:\Users\User1\Downloads\Defogger.exe
2015-05-22 12:01 - 2015-05-22 12:01 - 00000000 ____D () C:\ProgramData\Windows Update
2015-05-22 01:37 - 2015-05-22 01:37 - 01580544 _____ () C:\Users\User1\Downloads\code_gen_tools.ppt
2015-05-21 12:35 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-21 12:35 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-21 01:24 - 2015-05-21 01:24 - 01510287 _____ () C:\Users\User1\Downloads\am_ET.zip
2015-05-21 01:23 - 2015-05-21 01:23 - 01863318 _____ () C:\Users\User1\Downloads\ti_ER.zip
2015-05-20 12:52 - 2015-05-20 12:52 - 00000025 _____ () C:\Users\User1\Downloads\ATT00002
2015-05-18 15:30 - 2015-05-18 15:51 - 00000000 ____D () C:\Users\User1\Documents\Board
2015-05-18 15:07 - 2015-05-18 15:08 - 00000000 ____D () C:\Windows\SysWOW64\䁉⸱㬳湁楴楖䝎灕⽤㔱〮ㄮ⸰㌴‴倨剅㭓圠卋※久※噁⁅⸸⸳〳㌮㬲嘠䙄㠠ㄮ⸱㌲⸳〱※楗摮睯‷牐景獥楳湯污丠※敓癲捩慐正ㄠ※湕瑩摥匠慴整㭳ㄠ戶㙥〴〰〵㉦㠷㐲改㙥慣ㄲ㐰㌴㠱㔷搳㜲㤵㭢〠〰㤴㤹ⴶ噁佈ⵅ〰〰〰㬱唠㭓䈠䥕䑌ㄠ⸵⸰〱㐮㐳※㬱〠※㬱朠潯汧档潲敭※㬱㠠挲捣〹愸㉢㐹㘷㡣昹㌲㠸捦扤愳㐷昸摥㕣昰㭦〠)es脤糞o耀Taerdl.dll
2015-05-13 10:29 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 10:29 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 10:29 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 10:29 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 10:29 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 10:29 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 10:29 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 10:29 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 10:29 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 10:29 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 10:29 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 10:29 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 10:29 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 10:29 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 10:29 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 10:29 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 10:29 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 10:29 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 10:29 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 10:29 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 10:29 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 10:29 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 10:29 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 10:29 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 10:29 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 10:29 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 10:29 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 10:29 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 10:29 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 10:29 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 10:29 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 10:29 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 10:29 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 10:29 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 10:29 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 10:29 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 10:29 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 10:29 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 10:29 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 10:29 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 10:29 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 10:29 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 10:29 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 10:29 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 10:29 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 10:29 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 10:29 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 10:29 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 10:29 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 10:29 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 10:29 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 10:29 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 10:29 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 10:29 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 10:29 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 10:29 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 10:29 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 10:29 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 10:29 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 10:29 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 10:29 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 10:29 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 10:29 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 10:29 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 10:29 - 2015-04-04 05:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 10:29 - 2015-04-04 05:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 10:29 - 2015-04-04 05:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 10:29 - 2015-04-04 05:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 10:29 - 2015-04-04 05:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 10:29 - 2015-04-04 05:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 10:29 - 2015-04-04 05:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 10:29 - 2015-04-04 05:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 10:29 - 2015-04-04 05:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 10:29 - 2015-04-04 05:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 10:29 - 2015-04-04 05:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 10:29 - 2015-04-04 05:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 10:29 - 2015-04-04 05:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 10:29 - 2015-04-04 05:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 10:29 - 2015-04-04 05:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 10:29 - 2015-04-04 05:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 10:29 - 2015-04-04 05:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 10:29 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 10:29 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 10:29 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 10:29 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 10:29 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 10:29 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 10:29 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 10:29 - 2015-04-04 05:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 10:29 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 10:29 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 10:29 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 10:29 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 10:27 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 10:27 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 10:27 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 10:27 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 10:27 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 10:27 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 10:27 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 10:27 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 10:27 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 10:27 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:09 - 2015-05-12 21:09 - 00000000 ____D () C:\Windows\SysWOW64\䁉⸱㬳湁楴楖䝎灕⽤㔱〮ㄮ⸰㌴‴倨剅㭓圠卋※久※噁⁅⸸⸳〳㌮㬲嘠䙄㠠ㄮ⸱㌲⸰㈱㬸圠湩潤獷㜠倠潲敦獳潩慮㭎匠牥楶散倠捡㬱唠楮整瑓瑡獥※㘱敢㐶〰㔰昰㜲㈸㤴敥挶㉡〱㐴ㄳ㜸㌵㉤㔷戹※〰〰㐱㤹㘹䄭䡖䕏〭〰〰※单※啂䱉⁄㔱〮ㄮ⸰㌴㬴ㄠ※㬰ㄠ※潧杯敬挠牨浯㭥ㄠ※㈸捣㥣㠰扡㤲㜴挶㤸㉦㠳昸摣㍢㝡㠴敦捤〵晦※⤰
2015-05-09 03:03 - 2015-05-09 19:53 - 00000000 ____D () C:\Users\User2\AppData\Local\VMware
2015-05-09 03:03 - 2015-05-09 19:49 - 00000000 ____D () C:\Users\User2\AppData\Roaming\VMware
2015-05-09 03:03 - 2015-05-09 03:03 - 00001636 _____ () C:\Users\User2\Desktop\vmplayer - Shortcut.lnk
2015-05-09 03:00 - 2015-01-07 15:55 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-05-09 03:00 - 2015-01-07 15:55 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-05-09 02:59 - 2015-02-06 18:40 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-05-09 02:59 - 2015-02-06 18:39 - 00033472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2015-05-09 02:59 - 2015-01-07 15:55 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-05-09 02:58 - 2015-02-06 18:40 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-05-09 02:58 - 2015-02-06 18:40 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-05-09 02:58 - 2015-02-06 18:40 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-05-09 02:58 - 2015-02-06 18:39 - 00931008 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-05-09 02:57 - 2015-01-07 08:02 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-05-09 02:53 - 2015-05-09 02:53 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-05-09 02:52 - 2015-05-22 17:01 - 00000000 ____D () C:\ProgramData\VMware
2015-05-09 02:52 - 2015-05-09 02:52 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-05-09 02:51 - 2015-05-09 02:51 - 00000000 ____D () C:\Users\User2\AppData\Local\Adobe
2015-05-09 02:49 - 2015-05-09 02:49 - 79155192 _____ (VMware, Inc.) C:\Users\User2\Downloads\VMware-player-7.1.0-2496824.exe
2015-04-29 19:38 - 2015-04-29 19:38 - 00000000 ____D () C:\Users\User2\AppData\Roaming\TeamViewer
2015-04-29 18:10 - 2015-04-29 18:10 - 00000000 ____D () C:\Users\User2\AppData\Local\TeamViewer
2015-04-24 09:36 - 2015-04-24 09:36 - 00011686 _____ () C:\Users\User1\Downloads\jhk3_churdisc.zip
2015-04-22 14:33 - 2015-04-22 14:33 - 08413696 _____ () C:\Users\User1\Downloads\How-to-Care-Like-Christ-Local-Church-Edition.ppt
2015-04-22 13:19 - 2015-04-22 13:19 - 00202219 _____ () C:\Users\User1\Downloads\pdf (1)
2015-04-22 13:18 - 2015-04-22 13:18 - 00202219 _____ () C:\Users\User1\Downloads\pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-22 20:12 - 2013-08-06 23:08 - 01085878 _____ () C:\Windows\WindowsUpdate.log
2015-05-22 20:08 - 2009-07-14 07:12 - 00786022 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 20:02 - 2013-08-06 17:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-22 20:01 - 2013-10-13 18:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-22 17:09 - 2009-07-14 06:50 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-22 17:09 - 2009-07-14 06:50 - 00020112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-22 17:02 - 2013-08-06 17:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-22 17:00 - 2013-11-18 17:57 - 562316340 _____ () C:\Windows\MEMORY.DMP
2015-05-22 17:00 - 2013-11-18 17:57 - 00000000 ____D () C:\Windows\Minidump
2015-05-22 17:00 - 2013-08-06 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-22 17:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-22 17:00 - 2009-07-14 06:56 - 00050726 _____ () C:\Windows\setupact.log
2015-05-22 14:08 - 2014-07-27 09:40 - 00000000 ____D () C:\Program Files (x86)\Everything
2015-05-22 14:04 - 2013-08-06 17:55 - 00000000 ____D () C:\Users\User1\AppData\Roaming\Notepad++
2015-05-22 13:47 - 2013-08-06 17:55 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-05-22 13:38 - 2013-08-06 14:12 - 00000000 ____D () C:\Users\User1
2015-05-22 12:08 - 2009-07-14 06:50 - 00435952 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-22 12:03 - 2011-04-12 09:43 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-21 12:49 - 2013-08-06 20:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-21 12:40 - 2013-08-06 19:21 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-21 12:33 - 2013-10-13 18:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-21 12:33 - 2013-08-06 17:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-21 12:33 - 2013-08-06 17:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-21 12:33 - 2013-08-06 17:45 - 00000000 ____D () C:\Users\User1\AppData\Local\Adobe
2015-05-21 12:27 - 2010-11-21 05:47 - 00217118 _____ () C:\Windows\PFRO.log
2015-05-18 20:52 - 2013-08-06 17:53 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 20:52 - 2013-08-06 17:53 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-18 15:36 - 2014-02-08 02:05 - 00000000 ____D () C:\Users\User1\Documents\Tekie
2015-05-18 09:46 - 2014-10-18 19:17 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 23:22 - 2014-11-12 15:06 - 00022471 _____ () C:\Users\User1\Documents\2015EGGEKalender.xlsx
2015-05-14 09:25 - 2013-08-06 17:54 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-10 18:51 - 2009-07-14 07:08 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-09 02:53 - 2013-08-06 17:50 - 00799376 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-09 02:51 - 2015-04-17 23:40 - 00000000 ____D () C:\Users\User2\AppData\Roaming\Adobe
2015-05-09 02:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-07 09:23 - 2013-08-06 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-07 09:21 - 2013-08-06 16:05 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-07 09:21 - 2013-08-06 16:05 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-02 21:16 - 2014-12-03 21:38 - 00002286 _____ () C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk
2015-05-02 21:16 - 2014-12-03 21:38 - 00002278 _____ () C:\Users\User1\Desktop\Logos Bible Software.lnk
2015-05-02 21:16 - 2014-12-03 21:35 - 00000000 ____D () C:\Users\User1\AppData\Local\Logos
2015-04-29 14:09 - 2013-09-13 11:34 - 00000000 ____D () C:\USB-Stick
==================== Files in the root of some directories =======
2013-08-06 17:39 - 2013-08-06 17:44 - 0000435 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\User1\AppData\Local\Temp\avgnt.exe
C:\Users\User2\AppData\Local\Temp\avgnt.exe
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\䁉⸱㬳湁楴楖䝎灕⽤㔱〮ㄮ⸰㌴‴倨剅㭓圠卋※久※噁⁅⸸⸳〳㌮㬲嘠䙄㠠ㄮ⸱㌲⸳〱※楗摮睯‷牐景獥楳湯污丠※敓癲捩慐正ㄠ※湕瑩摥匠慴整㭳ㄠ戶㙥〴〰〵㉦㠷㐲改㙥慣ㄲ㐰㌴㠱㔷搳㜲㤵㭢〠〰㤴㤹ⴶ噁佈ⵅ〰〰〰㬱唠㭓䈠䥕䑌ㄠ⸵⸰〱㐮㐳※㬱〠※㬱朠潯汧档潲敭※㬱㠠挲捣〹愸㉢㐹㘷㡣昹㌲㠸捦扤愳㐷昸摥㕣昰㭦〠)es脤糞o耀Taerdl.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-14 12:40
==================== End of log ============================
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-05-2015
Ran by User1 at 2015-05-22 20:13:29
Running from C:\Users\User1\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3091468761-2761277806-1813091140-500 - Administrator - Disabled)
Guest (S-1-5-21-3091468761-2761277806-1813091140-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3091468761-2761277806-1813091140-1002 - Limited - Enabled)
User1 (S-1-5-21-3091468761-2761277806-1813091140-1000 - Administrator - Enabled) => C:\Users\User1
User2 (S-1-5-21-3091468761-2761277806-1813091140-1004 - Administrator - Enabled) => C:\Users\User2
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
8500A909_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8500A909_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
airtel mobile broadband (HKLM-x32\...\airtel mobile broadband) (Version: 23.009.09.00.1137 - Huawei Technologies Co.,Ltd)
Akamai NetSession Interface (HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazon Kindle (HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\...\Amazon Kindle) (Version: - Amazon)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C1C01}) (Version: 12.28.1.1270 - APN, LLC)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
ChinaNet client (HKLM-x32\...\C+WClient_is1) (Version: - )
Combined Community Codec Pack 2013-08-01 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.08.01.0 - CCCP Project)
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Officejet Pro 8500 A909 Series (HKLM\...\{B1054C0C-0C16-41E1-8A9D-35F065793E92}) (Version: 14.0 - HP)
Integrated Camera Driver Installer Package Ver.1.1.0.48 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.48 - RICOH)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Lenovo Patch Utility (x32 Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.02 - )
Lexware buchhalter 2011 (HKLM-x32\...\{2B443CC6-7EBE-43FF-91A8-6AC3B5A085FD}) (Version: 16.30.00.0179 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. KG)
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Logos Bible Software (HKLM-x32\...\{97F2112F-E722-447F-A86D-3D009CB50D1F}) (Version: 6.32.43 - Faithlife Corporation)
Logos Prerequisites (HKLM\...\{8A9FC733-33EF-4840-A13F-B83FDDCB6446}) (Version: 6.0.1966 - Faithlife Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50524.0 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
NVIDIA Graphics Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.211.0 - Tracker Software Products Ltd)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.55 - )
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tavultesoft Keyman Desktop 8.0 (HKLM-x32\...\{A6855BFD-9E52-4BD8-8CB8-181A25A37468}) (Version: 8.0.355.0 - Tavultesoft Pty Ltd)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
theWord (HKLM-x32\...\The Word) (Version: 4.0.0.1342 - Costas Stergiou)
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.8.50 - Conexant Systems)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.9 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc)
VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3091468761-2761277806-1813091140-1000_Classes\CLSID\{319A0316-DF84-4B3C-8117-349B7E98E613}\localserver32 -> C:\Users\User1\AppData\Local\Logos\System\LogosCom.exe (Faithlife / Logos Bible Software)
==================== Restore Points =========================
12-05-2015 07:01:57 Scheduled Checkpoint
20-05-2015 01:14:10 Scheduled Checkpoint
21-05-2015 12:34:35 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4B59361A-4571-451E-93DA-CC855D9332B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {5BA17A4B-3A9B-4078-9F65-0244E1B6926B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2013-06-26] (Lenovo Group Limited)
Task: {81913113-8747-4B76-B2E6-F9FBC02F8B2F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-29] (Synaptics Incorporated)
Task: {CB1FD7CB-6D4A-4589-9CA2-E2D679999197} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
Task: {D70B3C85-9621-4D35-820E-49C3A79E3F9A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {EDEEFBC7-A010-42FD-A3A1-98D7E3D9A0FB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-08-06 15:16 - 2013-10-29 02:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-13 11:43 - 2012-11-12 07:59 - 00657504 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\ouc.exe
2011-03-14 17:27 - 2011-03-14 17:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2013-08-06 17:18 - 2013-08-06 17:18 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2013-08-06 17:18 - 2013-08-06 17:18 - 00151552 _____ () C:\Windows\KMService.exe
2013-08-06 15:04 - 2013-06-26 06:55 - 00094208 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2013-08-06 17:57 - 2011-10-26 17:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2013-08-06 17:57 - 2011-10-26 17:41 - 00126464 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2014-12-13 11:43 - 2009-01-10 20:32 - 00011362 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\mingwm10.dll
2014-12-13 11:43 - 2009-06-23 04:42 - 00043008 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2014-12-13 11:43 - 2012-10-31 11:11 - 02417152 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\QtCore4.dll
2014-12-13 11:43 - 2012-10-31 11:14 - 01148416 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\QtNetwork4.dll
2014-12-13 11:43 - 2012-11-12 05:48 - 00843264 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\QueryStrategy.dll
2014-12-13 11:43 - 2012-10-31 11:11 - 00398336 _____ () C:\ProgramData\airtel mobile broadband\OnlineUpdate\QtXml4.dll
2013-03-18 17:26 - 2013-03-18 17:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2015-02-06 18:40 - 2015-02-06 18:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-21 12:33 - 2015-05-21 12:33 - 16867504 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
2015-04-16 00:11 - 2015-04-16 00:11 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-04-16 00:11 - 2015-04-16 00:11 - 02748416 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3091468761-2761277806-1813091140-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER Error getting ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C603B2D9-21E2-4EF0-AE14-FE10C5061857}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{D9864F20-4031-436E-8B4B-04FF7ADA5642}C:\users\User1\desktop\microsoft.office.2010.professionalplus.english.with.sp1.vl.edition-zwtiso\microsoft.office.2010.professionalplus.with.sp1.vl.edition-zwtiso\keygen.exe] => (Block) C:\users\User1\desktop\microsoft.office.2010.professionalplus.english.with.sp1.vl.edition-zwtiso\microsoft.office.2010.professionalplus.with.sp1.vl.edition-zwtiso\keygen.exe
FirewallRules: [UDP Query User{39815DF0-E485-409E-8829-10DCA33B8DC0}C:\users\User1\desktop\microsoft.office.2010.professionalplus.english.with.sp1.vl.edition-zwtiso\microsoft.office.2010.professionalplus.with.sp1.vl.edition-zwtiso\keygen.exe] => (Block) C:\users\User1\desktop\microsoft.office.2010.professionalplus.english.with.sp1.vl.edition-zwtiso\microsoft.office.2010.professionalplus.with.sp1.vl.edition-zwtiso\keygen.exe
FirewallRules: [{FA68263D-A7F8-4760-90C3-0A4DC4C26F38}] => (Allow) C:\Users\User1\AppData\Local\Temp\7zS7EAA\OJP8500vA909_Basic_14\setup\hpznui40.exe
FirewallRules: [{8DEA18E8-72A0-4E7D-AF89-AF9A2CFEC53C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{68575677-6D81-48C4-8063-EC8792BDF376}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{034D2336-2B83-4248-9525-821FBE7234B4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{553378B0-A15D-4B7D-B6E7-BD016944695F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A71AB482-731B-41EA-AD3B-797DE600905F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{46A8CC2F-B311-41B6-85AC-A2E401B3FC1A}C:\program files (x86)\freecall.com\freecall\freecall.exe] => (Allow) C:\program files (x86)\freecall.com\freecall\freecall.exe
FirewallRules: [UDP Query User{B17B3F12-0779-474A-A631-BEB926033B91}C:\program files (x86)\freecall.com\freecall\freecall.exe] => (Allow) C:\program files (x86)\freecall.com\freecall\freecall.exe
FirewallRules: [TCP Query User{0D3E78B3-F89B-46CF-B4AC-53CD0A8ED84D}C:\program files (x86)\freecall.com\freecall\freecall.exe] => (Allow) C:\program files (x86)\freecall.com\freecall\freecall.exe
FirewallRules: [UDP Query User{230E03C0-12DE-4653-9519-D6DD6D4C7F7F}C:\program files (x86)\freecall.com\freecall\freecall.exe] => (Allow) C:\program files (x86)\freecall.com\freecall\freecall.exe
FirewallRules: [TCP Query User{CCD3D2AE-50F2-4FA6-81DC-E8760D635790}C:\users\User1\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\User1\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{70B9BD52-1C41-4139-96AA-6C35E057A6A7}C:\users\User1\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\User1\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{EB67BC42-4E65-4DE5-9336-73B42B51E801}C:\users\User1\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\User1\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{11CB2D2E-CFA2-43B5-943A-ACB02FD3E624}C:\users\User1\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\User1\appdata\local\akamai\netsession_win.exe
FirewallRules: [{C3A14983-C451-4C67-9FE3-14F5717CB255}] => (Allow) C:\Users\User1\AppData\Local\Logos\Logos.exe
FirewallRules: [{79C28DAF-6B66-4788-A2E3-9B51270A9618}] => (Allow) C:\Users\User1\AppData\Local\Logos\Logos.exe
FirewallRules: [{96B56B09-35BF-46FA-9C7F-40564F844CB0}] => (Allow) C:\Users\User1\AppData\Local\Logos\Logos.exe
FirewallRules: [{EE6FB97A-8F05-4F21-9C78-3D33780A0A17}] => (Allow) C:\Users\User1\AppData\Local\Logos\Logos.exe
FirewallRules: [{CFD16DB8-EA23-43E3-8688-96AC99015785}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosIndexer.exe
FirewallRules: [{3B217217-32D9-447C-B4A3-AE6EBC38BF38}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosIndexer.exe
FirewallRules: [{000180F4-0528-407F-8965-345B2A03EF58}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosIndexer.exe
FirewallRules: [{FB4920D6-04FD-4FBA-824F-8A3B43CEE84C}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosIndexer.exe
FirewallRules: [{A415DA29-76D7-47CB-9E92-5FC584C60D99}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosCEF.exe
FirewallRules: [{71A1F43B-D5F3-418D-B2C6-30B96FC3B427}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosCEF.exe
FirewallRules: [{A40A54EA-C33C-4871-9205-0C3932C2A487}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosCEF.exe
FirewallRules: [{5C7C88C6-B7C7-41EF-BCE6-0736B1FF9975}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosCEF.exe
FirewallRules: [{B0BA9CDC-09DB-4CD0-AEA7-D7DC7AFA75D7}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosCom.exe
FirewallRules: [{98C6CFF7-23FC-4FEE-A444-A0FB6046030A}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosCom.exe
FirewallRules: [{C3C73836-6DD7-4781-87D6-1B51EF10FDBC}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosCom.exe
FirewallRules: [{B6B65253-AD14-4199-AE3A-0F4A577B1D39}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosCom.exe
FirewallRules: [{F9E57C67-7D52-457C-9455-DA81FC9FF785}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosUpdater.exe
FirewallRules: [{1A78C77F-5A05-4624-8C72-772A2D6A23AA}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosUpdater.exe
FirewallRules: [{0C661DD6-74E8-4129-8B3C-920B6FC02C26}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosUpdater.exe
FirewallRules: [{7F051E51-3990-4617-BD32-7FF3CA499F10}] => (Allow) C:\Users\User1\AppData\Local\Logos\System\LogosUpdater.exe
FirewallRules: [{80264983-707E-41E6-B1EA-423421CB1027}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6938CF55-6D4F-4478-914A-23950D7EBA9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{38E895D8-7BEA-4939-AF5C-D275E8F1160A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D17CF9BE-852A-4E6F-A39C-1C426FA60AE5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2E11BA6F-7726-4B58-90BC-178FCE9F6EDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B14D310F-7A47-4A74-99C0-E0BA667F464C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2533C136-0BA8-488F-A5AE-BFEC550C9EEC}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{6880C31B-818C-44B9-B69F-31502841DBB1}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{3F0A28AE-A58D-40BE-825D-D56F7701CAF8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: HP Color LaserJet CM2320fxi MFP
Description: HP Color LaserJet CM2320fxi MFP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Officejet Pro 8500 A909a
Description: Officejet Pro 8500 A909a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: ThinkPad Bluetooth 3.0
Description: ThinkPad Bluetooth 3.0
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
Error: (05/22/2015 05:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/22/2015 03:07:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/22/2015 01:33:21 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
Error: (05/22/2015 01:33:21 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
System errors:
=============
Error: (05/22/2015 05:02:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (05/22/2015 05:00:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The airtel mobile broadband. OUC service failed to start due to the following error:
%%1053
Error: (05/22/2015 05:00:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the airtel mobile broadband. OUC service to connect.
Error: (05/22/2015 05:00:22 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006c77660, 0xfffff8000481e510)C:\Windows\MEMORY.DMP052215-20061-01
Error: (05/22/2015 05:00:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:56:07 PM on 5/22/2015 was unexpected.
Error: (05/22/2015 03:08:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (05/22/2015 03:07:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The airtel mobile broadband. OUC service failed to start due to the following error:
%%1053
Error: (05/22/2015 03:07:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the airtel mobile broadband. OUC service to connect.
Error: (05/22/2015 03:06:52 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006c5a040, 0xfffff80000b9a510)C:\Windows\MEMORY.DMP052215-21216-01
Error: (05/22/2015 03:06:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:36:11 PM on 5/22/2015 was unexpected.
Microsoft Office:
=========================
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path43900
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path25900
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path17900
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path23808600
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path21808600
Error: (05/22/2015 08:01:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path18808600
Error: (05/22/2015 05:01:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/22/2015 03:07:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/22/2015 01:33:21 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path43900
Error: (05/22/2015 01:33:21 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Eap method DLL path25900
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8051.67 MB
Available physical RAM: 5041.36 MB
Total Pagefile: 16101.53 MB
Available Pagefile: 12754.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:247.82 GB) (Free:144.7 GB) NTFS
Drive d: (WinData) (Fixed) (Total:465.66 GB) (Free:105.71 GB) NTFS
Drive f: (SecureDrive) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive h: (MMENGHESTAB) (Removable) (Total:14.94 GB) (Free:7.99 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1D280516)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=247.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=217.9 GB) - (Type=05)
Partition 4: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: E63EE63E)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)
==================== End of log ============================