Infected with a key logger; Antivir and Emsisoft having issues running


  • This topic is locked
18 replies to this topic

#1 3drea

Posted 06 December 2015 - 05:13 AM

My laptop is infected with a key logger. Avira detected it at first with a notification and a voice (not sure what program the voice was from that stated a key logger was installed). I followed the manual removal of malware by installing Malwarebytes and Emsisoft and ran them with Avira. The Avira scan kept stopping halfway. Emsisoft completed a full scan and found nothing, but now says it can't open as it's waiting for a service to start (perhaps I turned something off during the Autoruns tutorial). Malwarebytes found PUP.Optional.Showpass x 2 and PUP.Optional.BestPriceNinja x 2. Avira is working now but doesn't report anything else.

 

--------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by drea (administrator) on NUKE (06-12-2015 19:52:55)
Running from C:\Users\drea\Downloads\frst
Loaded Profiles: drea &  (Available Profiles: drea & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(Side Effects Software Inc.) C:\Windows\System32\sesinetd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(Side Effects Software Inc.) C:\Windows\System32\hserver.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
(Enounce Incorporated) C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-15] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-15] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-15] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-25] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6215288 2012-10-15] (Telstra)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4886608 2015-03-24] (Emsisoft GmbH)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [uTorrent] => C:\Users\drea\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-22] (BitTorrent Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [Spotify Web Helper] => C:\Users\drea\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-12-01] (Spotify Ltd)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-07-17] (Unified Intents AB)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [Dropbox Update] => C:\Users\drea\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-28] (Dropbox, Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [3xAV] => C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe [1339464 2015-03-05] (Enounce Incorporated)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [GoogleChromeAutoLaunch_8767DDD61F9081AEE4E21A9D9E2D32DA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-11-24] (Google Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\drea\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-22] (BitTorrent Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\drea\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-12-01] (Spotify Ltd)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-07-17] (Unified Intents AB)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\drea\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-28] (Dropbox, Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [3xAV] => C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe [1339464 2015-03-05] (Enounce Incorporated)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_8767DDD61F9081AEE4E21A9D9E2D32DA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-11-24] (Google Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-03-22]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\drea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-12-06] ()
Startup: C:\Users\drea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\drea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\drea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Drive.lnk [2014-08-15]
ShortcutTarget: Google Drive.lnk -> C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{c2ac1878-c16f-4e04-b53e-475ab6fc703e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{c999d398-4e4f-40a6-9086-fb596487033d}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{e9be5813-4179-4efb-92c6-08e52c657415}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/14
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3080413440-1471056018-455970439-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3080413440-1471056018-455970439-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-15] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-04] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-15] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-04] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-04] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-13] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\drea\AppData\Roaming\Mozilla\Firefox\Profiles\jAzQOXsN.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Extension: Avira Browser Safety - C:\Users\drea\AppData\Roaming\Mozilla\Firefox\Profiles\jAzQOXsN.default\Extensions\abs@avira.com [2014-09-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-08-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?shva=1#inbox","hxxps://www.google.com/calendar/renderOnline","hxxps://schub.smartcitycollege.edu.au/login/index.php","hxxp://scv-elearning.mywisenet.com.au/admin/user.php"
CHR DefaultSearchURL: Default -> hxxps://mail.google.com/mail/u/0/?tab=om#inbox
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-12-01]
CHR Extension: (Skype Calling) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-12-01]
CHR Extension: (efTwo (F2) - Advanced Find on Page) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccaikggmppdolhcehimngikgiafmdcep [2015-12-01]
CHR Extension: (Adblock Plus) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-01]
CHR Extension: (Chrome Speak) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\diagnfimeecdcecjpnkjgbnlelkclcpj [2015-12-01]
CHR Extension: (User-Agent Switcher) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2015-12-01]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-12-01]
CHR Extension: (Text to Speech App) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\foboeiajimhaijdbfnknapkoiadkohio [2015-12-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-12-01]
CHR Extension: (HTTPS Everywhere) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28]
CHR Extension: (AdBlock) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (A Journey through Middle-earth) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2015-12-01]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-12-06]
CHR Extension: (Coggle) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcapocoafbfccjgdgammadkndakcfoi [2015-12-01]
CHR Extension: (Rapportive) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2015-12-01]
CHR Extension: (Office Online Copy and Paste) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2015-12-01]
CHR Extension: (Voice Recognition) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2015-12-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-28]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2015-12-01]
CHR Extension: (Ghostery) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-12-01]
CHR Extension: (Video Speed Controller) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2015-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-28]
CHR Extension: (Toggl Button) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2015-12-03]
CHR Profile: C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-03]
CHR Extension: (Google Docs) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]
CHR Extension: (Google Drive) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (SPOI Options (Please remove me)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bdokagampppgbnjfdlkfpphniapiiifn [2015-07-03]
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\biceobciobbhhkplgocbaigojbnepcoi [2015-07-03]
CHR Extension: (YouTube) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Adblock Plus) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-10]
CHR Extension: (Google Search) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-21]
CHR Extension: (Google Sheets) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-03]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-07-03]
CHR Extension: (Avira Browser Safety) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (AdBlock) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-21]
CHR Extension: (Google Voice (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-07-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Gmail) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03]
CHR Profile: C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-24]
CHR Extension: (Google Docs) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
CHR Extension: (Google Drive) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Google Sheets) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR Extension: (Gmail) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR Profile: C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (No Name) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR Extension: (Gmail) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3080413440-1471056018-455970439-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\drea\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-11-19]
CHR HKU\S-1-5-21-3080413440-1471056018-455970439-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\drea\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-11-19]
CHR HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [7084784 2015-11-28] (Emsisoft Ltd)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-15] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink)
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-08-05] (Reprise Software Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-04] (NVIDIA Corporation)
R2 HoudiniLicenseServer; C:\Windows\system32\sesinetd.exe [2648576 2014-09-20] (Side Effects Software Inc.) [File not signed]
R2 HoudiniServer; C:\Windows\system32\hserver.exe [2460672 2014-05-20] (Side Effects Software Inc.) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-09] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-30] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-09-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-04] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-15] (Softex Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-04] (Sierra Wireless, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-20] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-03] (Avira Operations GmbH & Co. KG)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [138504 2015-11-28] (Emsisoft GmbH)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268048 2015-10-06] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-09] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-09] ()
S4 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-08] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-08] ()
S3 massfilter_lte; C:\Windows\system32\drivers\massfilter_lte.sys [18456 2012-01-04] (HandSet Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 PXGX112; C:\Windows\system32\drivers\PXGX112.sys [42528 2015-11-08] ( )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-27] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
S3 swg3kser00; C:\Windows\system32\DRIVERS\swg3kser00.sys [259328 2012-09-05] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\drivers\swiwdmbx64.sys [108800 2012-09-05] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\system32\DRIVERS\swnc8ua3.sys [300544 2012-09-05] (Sierra Wireless Inc.)
S4 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [22016 2015-07-10] (Microsoft Corporation)
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [25592 2015-08-19] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
S4 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 19:52 - 2015-12-06 19:52 - 00000000 ____D C:\Users\drea\Downloads\frst
2015-12-06 19:52 - 2015-12-06 19:52 - 00000000 ____D C:\FRST
2015-12-06 19:50 - 2015-12-06 19:50 - 00016148 _____ C:\WINDOWS\system32\NUKE_drea_HistoryPrediction.bin
2015-12-06 18:10 - 2015-12-06 18:10 - 00016148 _____ C:\WINDOWS\system32\NUKE_Administrator_HistoryPrediction.bin
2015-12-06 17:56 - 2015-12-06 18:10 - 00260088 _____ C:\WINDOWS\ntbtlog.txt
2015-12-06 10:23 - 2015-12-06 10:23 - 00000000 ____D C:\Autoruns
2015-12-06 09:48 - 2015-12-06 09:49 - 00000000 ____D C:\Users\drea\Downloads\Autoruns
2015-12-01 08:37 - 2015-12-01 08:37 - 00000000 ____D C:\Users\drea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-11-28 19:49 - 2015-07-05 20:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-11-28 19:22 - 2015-11-28 19:22 - 00000000 ____D C:\ProgramData\Emsisoft
2015-11-28 11:00 - 2015-11-28 21:30 - 00138504 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-11-28 11:00 - 2015-11-28 11:00 - 00001167 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-11-28 11:00 - 2015-11-28 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-11-28 10:59 - 2015-12-06 18:16 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-11-28 10:47 - 2015-11-28 10:54 - 159485920 _____ (Emsisoft Ltd. ) C:\Users\drea\Downloads\EmsisoftAntiMalwareSetup.exe
2015-11-28 09:29 - 2015-12-06 18:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-28 09:28 - 2015-11-28 09:28 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-28 09:28 - 2015-11-28 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-28 09:28 - 2015-11-28 09:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 09:28 - 2015-11-28 09:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-28 09:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-28 09:28 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-28 09:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-28 09:24 - 2015-11-28 09:27 - 22908888 _____ (Malwarebytes ) C:\Users\drea\Downloads\mbam-setup.exe
2015-11-22 11:22 - 2015-11-22 11:22 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2015-11-22 11:18 - 2014-02-19 01:09 - 00603424 _____ (HP) C:\WINDOWS\SysWOW64\hpcdmc32.DLL
2015-11-22 11:18 - 2014-02-19 01:08 - 00447776 _____ (Hewlett-Packard Corporation) C:\WINDOWS\system32\hpcpn165.dll
2015-11-22 11:18 - 2014-02-19 01:05 - 00446240 _____ (Hewlett Packard Corporation) C:\WINDOWS\SysWOW64\hpcc3165.DLL
2015-11-19 21:59 - 2015-11-19 22:00 - 00000000 ____D C:\Users\drea\Documents\the devine river
2015-11-19 21:57 - 2015-11-19 22:04 - 09174528 _____ (Kinovea) C:\Users\drea\Downloads\Kinovea.Setup.0.8.15 (1).exe
2015-11-19 21:51 - 2015-11-19 21:56 - 09768208 _____ (Kinovea) C:\Users\drea\Downloads\Kinovea.Setup.0.8.15.exe
2015-11-19 21:35 - 2015-11-19 21:40 - 406885625 _____ C:\Users\drea\Desktop\TIMECODE_CUT_COPY_DRIVE_Mar_23.mov
2015-11-19 08:13 - 2015-11-19 08:15 - 52895272 _____ (PortableApps.com) C:\Users\drea\Downloads\MuseScorePortable_2.0.2.paf.exe
2015-11-17 15:56 - 2015-11-17 16:00 - 49828873 _____ C:\Users\drea\Downloads\MuseScore-2.0.2.msi
2015-11-15 21:22 - 2015-11-15 21:22 - 00374322 _____ C:\Users\drea\Downloads\mybills8.pdf
2015-11-15 16:01 - 2015-11-15 16:01 - 00000916 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2015-11-15 16:01 - 2015-11-15 16:01 - 00000000 ____D C:\Program Files\Angry IP Scanner
2015-11-15 10:54 - 2015-11-15 10:58 - 02956217 _____ C:\Users\drea\Downloads\ipscan-3.4-setup.exe
2015-11-14 08:53 - 2015-11-14 08:53 - 00000000 ____D C:\Users\drea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-13 18:04 - 2015-11-13 18:04 - 00232872 _____ (Spotify Ltd) C:\Users\drea\Downloads\SpotifySetup (1).exe
2015-11-11 16:45 - 2015-11-05 15:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 16:45 - 2015-11-05 15:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 16:45 - 2015-11-05 15:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 16:45 - 2015-11-05 15:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 16:45 - 2015-11-05 15:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 16:45 - 2015-11-05 15:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 16:45 - 2015-11-05 15:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 16:45 - 2015-11-05 15:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 16:45 - 2015-11-05 14:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 16:45 - 2015-11-05 14:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 16:45 - 2015-11-05 14:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 16:45 - 2015-11-05 14:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 16:45 - 2015-11-05 14:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 16:45 - 2015-11-05 14:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 16:45 - 2015-11-05 14:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 16:45 - 2015-11-05 14:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 16:45 - 2015-11-05 14:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 16:45 - 2015-11-05 14:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 16:45 - 2015-11-05 14:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 16:45 - 2015-11-05 14:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 16:45 - 2015-11-05 14:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 16:45 - 2015-11-05 14:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 16:45 - 2015-11-05 14:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 16:45 - 2015-11-05 14:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 16:45 - 2015-11-05 14:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 16:45 - 2015-11-05 14:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 16:45 - 2015-11-05 14:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 16:45 - 2015-11-05 14:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 16:45 - 2015-11-05 14:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 16:45 - 2015-11-05 14:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 16:45 - 2015-11-05 14:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 16:45 - 2015-11-05 14:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 16:45 - 2015-11-05 14:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 16:45 - 2015-11-05 13:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 16:45 - 2015-11-05 13:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 16:45 - 2015-11-05 13:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 16:45 - 2015-11-05 13:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 16:45 - 2015-11-05 13:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 16:45 - 2015-11-05 13:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 16:45 - 2015-11-05 13:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 16:45 - 2015-11-05 13:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 16:45 - 2015-11-05 13:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 16:45 - 2015-11-05 13:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 16:45 - 2015-11-05 13:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 16:45 - 2015-11-05 13:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 16:45 - 2015-11-05 13:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 16:45 - 2015-11-05 13:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 16:45 - 2015-11-05 13:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 16:45 - 2015-11-05 13:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 16:45 - 2015-11-05 13:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 16:45 - 2015-11-05 13:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 16:45 - 2015-11-05 13:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 16:45 - 2015-11-05 13:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-09 21:44 - 2015-11-09 21:51 - 00183973 _____ C:\Users\drea\Downloads\DarrenRea_Resume_Animator.pdf
2015-11-08 10:48 - 2015-11-08 10:48 - 00042528 _____ ( ) C:\WINDOWS\system32\Drivers\PXGX112.sys
2015-11-06 12:53 - 2015-11-06 12:53 - 06418197 _____ C:\WINDOWS\system32\DGN2200-V1.0.0.42_7.0.42NA.chk
2015-11-06 12:53 - 2015-11-06 12:53 - 06414101 _____ C:\WINDOWS\system32\DGN2200-V1.0.0.42_7.0.42.chk
2015-11-06 12:53 - 2015-11-06 12:53 - 00237637 _____ C:\WINDOWS\system32\nbt.exe
2015-11-06 12:53 - 2015-11-06 12:53 - 00231936 _____ C:\WINDOWS\system32\3500_256.dll
2015-11-06 12:53 - 2015-11-06 12:53 - 00038912 _____ C:\WINDOWS\system32\FirmwareRecovery.exe
2015-11-06 12:53 - 2015-11-06 12:53 - 00033792 _____ (j. montgomery) C:\WINDOWS\system32\DnDns.dll
2015-11-06 12:53 - 2015-11-06 12:53 - 00008704 _____ (Microsoft) C:\WINDOWS\system32\readyshare.exe
2015-11-06 12:53 - 2015-11-06 12:53 - 00008192 _____ (foxconn) C:\WINDOWS\system32\detectUtility.exe
2015-11-06 11:04 - 2015-12-06 18:12 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-06 09:30 - 2015-11-06 09:30 - 00000000 __RHD C:\MSOCache
2015-11-06 09:20 - 2015-11-06 09:20 - 00000000 ____D C:\Users\drea\Desktop\TD
2015-11-06 09:18 - 2015-11-06 09:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2015-11-06 09:14 - 2015-11-06 09:38 - 00000000 ____D C:\Users\drea\Desktop\MacRae Presentation Pics
2015-11-06 09:13 - 2015-11-06 09:13 - 00002403 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-06 09:13 - 2015-11-06 09:13 - 00000000 ___RD C:\Users\Administrator\OneDrive
2015-11-06 09:11 - 2015-11-06 09:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2015-11-06 09:09 - 2015-11-06 09:09 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2015-11-06 09:09 - 2015-11-06 09:09 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2015-11-06 09:09 - 2015-11-06 09:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WTablet
2015-11-06 09:09 - 2015-11-06 09:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 19:52 - 2015-07-10 19:05 - 00000000 ____D C:\Windows
2015-12-06 19:51 - 2015-06-28 09:40 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3080413440-1471056018-455970439-1002UA.job
2015-12-06 19:37 - 2015-01-04 20:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-06 19:37 - 2014-08-06 00:49 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-06 18:27 - 2015-08-10 21:24 - 00001212 _____ C:\Users\drea\Desktop\TogglDesktop.lnk
2015-12-06 18:27 - 2015-04-27 20:42 - 00002340 _____ C:\Users\drea\Desktop\Darren - Chrome.lnk
2015-12-06 18:27 - 2014-08-12 22:02 - 00001054 _____ C:\Users\drea\Desktop\Unified Remote.lnk
2015-12-06 18:27 - 2014-08-10 19:57 - 00001754 _____ C:\Users\drea\Desktop\Google Drive.lnk
2015-12-06 18:27 - 2014-08-06 10:57 - 00001777 _____ C:\Users\drea\Desktop\NukeAssist 8.0v5.lnk
2015-12-06 18:27 - 2014-08-06 10:57 - 00001761 _____ C:\Users\drea\Desktop\NukeX 8.0v5.lnk
2015-12-06 18:27 - 2014-08-06 10:57 - 00001751 _____ C:\Users\drea\Desktop\Nuke 8.0v5.lnk
2015-12-06 18:13 - 2014-08-06 00:49 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-06 18:12 - 2015-08-17 08:25 - 00000000 __SHD C:\Users\drea\IntelGraphicsProfiles
2015-12-06 18:12 - 2014-08-06 11:00 - 00000000 ____D C:\ProgramData\Reprise
2015-12-06 18:11 - 2015-07-10 22:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-06 18:11 - 2015-07-10 19:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-06 11:50 - 2015-06-28 09:40 - 00000872 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3080413440-1471056018-455970439-1002Core.job
2015-12-06 09:26 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-06 09:20 - 2015-08-16 23:24 - 00000000 ____D C:\Users\drea
2015-12-05 22:00 - 2015-08-24 15:50 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{465550CD-A897-4084-8BD8-CC2C71DC5592}
2015-12-05 08:42 - 2014-08-07 19:00 - 00000000 ____D C:\Users\drea\AppData\Roaming\Skype
2015-12-05 08:35 - 2015-07-10 21:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-04 20:32 - 2014-08-06 00:49 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 20:32 - 2014-08-06 00:49 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 15:32 - 2014-08-06 00:52 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 11:38 - 2014-09-20 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-03 11:37 - 2014-09-20 14:31 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-12-03 11:37 - 2014-09-20 14:31 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-12-03 11:37 - 2014-09-20 14:31 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-12-03 11:37 - 2014-09-20 14:31 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-12-01 21:52 - 2014-08-07 22:09 - 00000000 ____D C:\Users\drea\AppData\Local\Spotify
2015-12-01 21:52 - 2014-08-07 22:07 - 00000000 ____D C:\Users\drea\AppData\Roaming\Spotify
2015-11-29 17:31 - 2015-08-29 21:24 - 00000000 ____D C:\Users\drea\Desktop\New folder (4)
2015-11-29 15:58 - 2014-08-07 17:22 - 00000000 ____D C:\Users\drea\AppData\Local\Adobe
2015-11-28 16:12 - 2015-08-16 23:21 - 00969890 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-28 16:12 - 2015-07-10 21:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-28 16:11 - 2015-08-16 23:24 - 00000000 ____D C:\Users\Administrator
2015-11-28 14:20 - 2014-08-10 19:57 - 00000000 ___RD C:\Users\drea\Google Drive
2015-11-25 11:51 - 2015-07-10 21:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-25 11:51 - 2015-06-13 14:45 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-25 11:31 - 2014-08-10 19:05 - 00002122 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-11-25 11:31 - 2014-08-10 19:05 - 00002120 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-11-25 11:31 - 2014-08-10 19:05 - 00002110 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-11-25 11:31 - 2014-08-10 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-22 11:20 - 2014-01-19 11:00 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-22 11:16 - 2014-10-27 11:17 - 00047104 ___SH C:\Users\drea\Downloads\Thumbs.db
2015-11-19 23:26 - 2014-08-07 16:25 - 00000000 ____D C:\Users\drea\AppData\Roaming\vlc
2015-11-19 22:24 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-19 21:58 - 2015-08-16 20:29 - 00000000 ____D C:\Users\drea\Documents\Adobe
2015-11-19 20:53 - 2015-10-17 22:30 - 00000265 ____R C:\Users\drea\p4tickets.txt
2015-11-19 18:36 - 2014-08-15 22:31 - 00003226 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordrea
2015-11-19 18:36 - 2014-08-15 22:31 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordrea.job
2015-11-16 11:33 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-15 19:20 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-15 18:59 - 2014-08-08 10:36 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-15 18:59 - 2014-08-08 10:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-14 08:53 - 2014-09-21 10:12 - 00000000 ____D C:\Users\drea\AppData\Roaming\Dropbox
2015-11-11 21:19 - 2015-08-31 20:28 - 00001214 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-11-11 21:18 - 2014-03-22 16:09 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-11 17:23 - 2015-07-10 20:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-09 20:36 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-06 09:12 - 2014-09-21 16:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-11-06 09:09 - 2014-08-06 00:11 - 00000000 __RHD C:\Users\Public\AccountPictures
 
==================== Files in the root of some directories =======
 
2014-10-17 12:41 - 2015-06-27 21:40 - 0000132 _____ () C:\Users\drea\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-08-06 17:37 - 2014-10-31 00:06 - 0007669 _____ () C:\Users\drea\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\drea\AppData\Local\Temp\avgnt.exe
C:\Users\drea\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjup2zp.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-30 07:36
 
==================== End of FRST.txt ============================




#2 3drea

3drea
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:28 AM

Posted 06 December 2015 - 05:18 AM

Sorry, there were time out issues while posting, so I had no confirmation that it had posted already.


Edited by Queen-Evie, 06 December 2015 - 07:32 AM.
posted as separate topic which was merged with this one.


#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:28 AM

Posted 06 December 2015 - 06:57 AM

Hello and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)

Before we begin, there are a few things I want to make sure you know:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
  • Please stay with me until I have confirmed that you are clean. Absence of symptoms does not mean that the computer is clean.
Shall we begin then?

===


Meanwhile please give me some time to review your logs and I will be back with instructions.

Regards,
Alex

Edited by Queen-Evie, 06 December 2015 - 07:33 AM.
deleted reference to post FRST log after merging post #2 into this topic


#4 3drea

3drea
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:28 AM

Posted 07 December 2015 - 01:12 AM

Hi Alex,

 

Thank you so much for helping me out and looking through my logs....

 

Your list seems very fair and I'm happy to oblige. 

 

Please see below for the FRST.txt logs:

-------------------------

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by drea (administrator) on NUKE (06-12-2015 19:52:55)
Running from C:\Users\drea\Downloads\frst
Loaded Profiles: drea &  (Available Profiles: drea & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(Side Effects Software Inc.) C:\Windows\System32\sesinetd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe
(Side Effects Software Inc.) C:\Windows\System32\hserver.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
() C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Unified Intents AB) C:\Program Files (x86)\Unified Remote\RemoteServer.exe
(Enounce Incorporated) C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-15] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-15] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-15] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-25] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [803200 2015-12-03] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6215288 2012-10-15] (Telstra)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [493960 2014-12-05] (Autodesk Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4886608 2015-03-24] (Emsisoft GmbH)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [uTorrent] => C:\Users\drea\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-22] (BitTorrent Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [Spotify Web Helper] => C:\Users\drea\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-12-01] (Spotify Ltd)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-07-17] (Unified Intents AB)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [Dropbox Update] => C:\Users\drea\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-28] (Dropbox, Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [3xAV] => C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe [1339464 2015-03-05] (Enounce Incorporated)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\...\Run: [GoogleChromeAutoLaunch_8767DDD61F9081AEE4E21A9D9E2D32DA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-11-24] (Google Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Users\drea\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-22] (BitTorrent Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\drea\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-12-01] (Spotify Ltd)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe [333008 2014-07-17] (Unified Intents AB)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\drea\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-28] (Dropbox, Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [3xAV] => C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe [1339464 2015-03-05] (Enounce Incorporated)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_8767DDD61F9081AEE4E21A9D9E2D32DA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-11-24] (Google Inc.)
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\drea\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-03-22]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\drea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-12-06] ()
Startup: C:\Users\drea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-09-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\drea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\drea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Drive.lnk [2014-08-15]
ShortcutTarget: Google Drive.lnk -> C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{c2ac1878-c16f-4e04-b53e-475ab6fc703e}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{c999d398-4e4f-40a6-9086-fb596487033d}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{e9be5813-4179-4efb-92c6-08e52c657415}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/14
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-3080413440-1471056018-455970439-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3080413440-1471056018-455970439-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3080413440-1471056018-455970439-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-15] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-04] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-15] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-04] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll [2011-03-19] (Adobe Systems, Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-04] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-06-13] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\drea\AppData\Roaming\Mozilla\Firefox\Profiles\jAzQOXsN.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-06-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Extension: Avira Browser Safety - C:\Users\drea\AppData\Roaming\Mozilla\Firefox\Profiles\jAzQOXsN.default\Extensions\abs@avira.com [2014-09-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-08-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/?shva=1#inbox","hxxps://www.google.com/calendar/renderOnline","hxxps://schub.smartcitycollege.edu.au/login/index.php","hxxp://scv-elearning.mywisenet.com.au/admin/user.php"
CHR DefaultSearchURL: Default -> hxxps://mail.google.com/mail/u/0/?tab=om#inbox
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.73\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-12-01]
CHR Extension: (Skype Calling) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-12-01]
CHR Extension: (efTwo (F2) - Advanced Find on Page) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccaikggmppdolhcehimngikgiafmdcep [2015-12-01]
CHR Extension: (Adblock Plus) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-01]
CHR Extension: (Chrome Speak) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\diagnfimeecdcecjpnkjgbnlelkclcpj [2015-12-01]
CHR Extension: (User-Agent Switcher) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2015-12-01]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-12-01]
CHR Extension: (Text to Speech App) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\foboeiajimhaijdbfnknapkoiadkohio [2015-12-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-12-01]
CHR Extension: (HTTPS Everywhere) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-12-01]
CHR Extension: (Google Docs Offline) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28]
CHR Extension: (AdBlock) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]
CHR Extension: (A Journey through Middle-earth) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2015-12-01]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-12-06]
CHR Extension: (Coggle) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcapocoafbfccjgdgammadkndakcfoi [2015-12-01]
CHR Extension: (Rapportive) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2015-12-01]
CHR Extension: (Office Online Copy and Paste) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej [2015-12-01]
CHR Extension: (Voice Recognition) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2015-12-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-28]
CHR Extension: (Lazarus: Form Recovery) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno [2015-12-01]
CHR Extension: (Ghostery) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-12-01]
CHR Extension: (Video Speed Controller) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2015-12-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-28]
CHR Extension: (Toggl Button) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2015-12-03]
CHR Profile: C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-03]
CHR Extension: (Google Docs) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-03]
CHR Extension: (Google Drive) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (SPOI Options (Please remove me)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\bdokagampppgbnjfdlkfpphniapiiifn [2015-07-03]
CHR Extension: (Sothink Flash Downloader for Chrome) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\biceobciobbhhkplgocbaigojbnepcoi [2015-07-03]
CHR Extension: (YouTube) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Adblock Plus) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-10-10]
CHR Extension: (Google Search) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-21]
CHR Extension: (Google Sheets) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-03]
CHR Extension: (Google Analytics Opt-out Add-on (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2015-07-03]
CHR Extension: (Avira Browser Safety) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (AdBlock) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-21]
CHR Extension: (Google Voice (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-07-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Gmail) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-03]
CHR Profile: C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-24]
CHR Extension: (Google Docs) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
CHR Extension: (Google Drive) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Google Sheets) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR Extension: (Gmail) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR Profile: C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4
CHR Extension: (No Name) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR Extension: (Gmail) - C:\Users\drea\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3080413440-1471056018-455970439-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\drea\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-11-19]
CHR HKU\S-1-5-21-3080413440-1471056018-455970439-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\drea\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-11-19]
CHR HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [7084784 2015-11-28] (Emsisoft Ltd)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [948392 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466408 2015-12-03] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1418560 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-15] () [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\47.0.2526.18\remoting_host.exe [69448 2015-10-14] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-10-18] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-10-18] (CyberLink)
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2014-08-05] (Reprise Software Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-04] (NVIDIA Corporation)
R2 HoudiniLicenseServer; C:\Windows\system32\sesinetd.exe [2648576 2014-09-20] (Side Effects Software Inc.) [File not signed]
R2 HoudiniServer; C:\Windows\system32\hserver.exe [2460672 2014-05-20] (Side Effects Software Inc.) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-09] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-04] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-30] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-09-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-04] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mi-raysat_3dsmax2013_64; C:\Program Files\Autodesk\3ds Max Design 2013\NVIDIA\raysat_3dsmax2013_64server.exe [86016 2011-09-15] () [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-04] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-15] (Softex Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-04] (Sierra Wireless, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-20] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [135880 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146696 2015-12-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [73032 2015-12-03] (Avira Operations GmbH & Co. KG)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-07-10] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [138504 2015-11-28] (Emsisoft GmbH)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [268048 2015-10-06] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-09] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-09] ()
S4 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-08] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-08] ()
S3 massfilter_lte; C:\Windows\system32\drivers\massfilter_lte.sys [18456 2012-01-04] (HandSet Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-06] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 PXGX112; C:\Windows\system32\drivers\PXGX112.sys [42528 2015-11-08] ( )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-27] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
S3 swg3kser00; C:\Windows\system32\DRIVERS\swg3kser00.sys [259328 2012-09-05] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\drivers\swiwdmbx64.sys [108800 2012-09-05] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\system32\DRIVERS\swnc8ua3.sys [300544 2012-09-05] (Sierra Wireless Inc.)
S4 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [22016 2015-07-10] (Microsoft Corporation)
R3 uvhid; C:\Windows\System32\drivers\uvhid.sys [25592 2015-08-19] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
S4 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 19:52 - 2015-12-06 19:52 - 00000000 ____D C:\Users\drea\Downloads\frst
2015-12-06 19:52 - 2015-12-06 19:52 - 00000000 ____D C:\FRST
2015-12-06 19:50 - 2015-12-06 19:50 - 00016148 _____ C:\WINDOWS\system32\NUKE_drea_HistoryPrediction.bin
2015-12-06 18:10 - 2015-12-06 18:10 - 00016148 _____ C:\WINDOWS\system32\NUKE_Administrator_HistoryPrediction.bin
2015-12-06 17:56 - 2015-12-06 18:10 - 00260088 _____ C:\WINDOWS\ntbtlog.txt
2015-12-06 10:23 - 2015-12-06 10:23 - 00000000 ____D C:\Autoruns
2015-12-06 09:48 - 2015-12-06 09:49 - 00000000 ____D C:\Users\drea\Downloads\Autoruns
2015-12-01 08:37 - 2015-12-01 08:37 - 00000000 ____D C:\Users\drea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-11-28 19:49 - 2015-07-05 20:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-11-28 19:22 - 2015-11-28 19:22 - 00000000 ____D C:\ProgramData\Emsisoft
2015-11-28 11:00 - 2015-11-28 21:30 - 00138504 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-11-28 11:00 - 2015-11-28 11:00 - 00001167 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-11-28 11:00 - 2015-11-28 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-11-28 10:59 - 2015-12-06 18:16 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-11-28 10:47 - 2015-11-28 10:54 - 159485920 _____ (Emsisoft Ltd. ) C:\Users\drea\Downloads\EmsisoftAntiMalwareSetup.exe
2015-11-28 09:29 - 2015-12-06 18:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-28 09:28 - 2015-11-28 09:28 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-28 09:28 - 2015-11-28 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-28 09:28 - 2015-11-28 09:28 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 09:28 - 2015-11-28 09:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-28 09:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-28 09:28 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-28 09:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-28 09:24 - 2015-11-28 09:27 - 22908888 _____ (Malwarebytes ) C:\Users\drea\Downloads\mbam-setup.exe
2015-11-22 11:22 - 2015-11-22 11:22 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2015-11-22 11:18 - 2014-02-19 01:09 - 00603424 _____ (HP) C:\WINDOWS\SysWOW64\hpcdmc32.DLL
2015-11-22 11:18 - 2014-02-19 01:08 - 00447776 _____ (Hewlett-Packard Corporation) C:\WINDOWS\system32\hpcpn165.dll
2015-11-22 11:18 - 2014-02-19 01:05 - 00446240 _____ (Hewlett Packard Corporation) C:\WINDOWS\SysWOW64\hpcc3165.DLL
2015-11-19 21:59 - 2015-11-19 22:00 - 00000000 ____D C:\Users\drea\Documents\the devine river
2015-11-19 21:57 - 2015-11-19 22:04 - 09174528 _____ (Kinovea) C:\Users\drea\Downloads\Kinovea.Setup.0.8.15 (1).exe
2015-11-19 21:51 - 2015-11-19 21:56 - 09768208 _____ (Kinovea) C:\Users\drea\Downloads\Kinovea.Setup.0.8.15.exe
2015-11-19 21:35 - 2015-11-19 21:40 - 406885625 _____ C:\Users\drea\Desktop\TIMECODE_CUT_COPY_DRIVE_Mar_23.mov
2015-11-19 08:13 - 2015-11-19 08:15 - 52895272 _____ (PortableApps.com) C:\Users\drea\Downloads\MuseScorePortable_2.0.2.paf.exe
2015-11-17 15:56 - 2015-11-17 16:00 - 49828873 _____ C:\Users\drea\Downloads\MuseScore-2.0.2.msi
2015-11-15 21:22 - 2015-11-15 21:22 - 00374322 _____ C:\Users\drea\Downloads\mybills8.pdf
2015-11-15 16:01 - 2015-11-15 16:01 - 00000916 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Angry IP Scanner.lnk
2015-11-15 16:01 - 2015-11-15 16:01 - 00000000 ____D C:\Program Files\Angry IP Scanner
2015-11-15 10:54 - 2015-11-15 10:58 - 02956217 _____ C:\Users\drea\Downloads\ipscan-3.4-setup.exe
2015-11-14 08:53 - 2015-11-14 08:53 - 00000000 ____D C:\Users\drea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-13 18:04 - 2015-11-13 18:04 - 00232872 _____ (Spotify Ltd) C:\Users\drea\Downloads\SpotifySetup (1).exe
2015-11-11 16:45 - 2015-11-05 15:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 16:45 - 2015-11-05 15:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 16:45 - 2015-11-05 15:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 16:45 - 2015-11-05 15:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 16:45 - 2015-11-05 15:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 16:45 - 2015-11-05 15:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 16:45 - 2015-11-05 15:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 16:45 - 2015-11-05 15:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 16:45 - 2015-11-05 14:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 16:45 - 2015-11-05 14:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 16:45 - 2015-11-05 14:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 16:45 - 2015-11-05 14:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 16:45 - 2015-11-05 14:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 16:45 - 2015-11-05 14:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 16:45 - 2015-11-05 14:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 16:45 - 2015-11-05 14:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 16:45 - 2015-11-05 14:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 16:45 - 2015-11-05 14:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 16:45 - 2015-11-05 14:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 16:45 - 2015-11-05 14:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 16:45 - 2015-11-05 14:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 16:45 - 2015-11-05 14:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 16:45 - 2015-11-05 14:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 16:45 - 2015-11-05 14:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 16:45 - 2015-11-05 14:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 16:45 - 2015-11-05 14:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 16:45 - 2015-11-05 14:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 16:45 - 2015-11-05 14:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 16:45 - 2015-11-05 14:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 16:45 - 2015-11-05 14:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 16:45 - 2015-11-05 14:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 16:45 - 2015-11-05 14:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 16:45 - 2015-11-05 14:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 16:45 - 2015-11-05 13:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 16:45 - 2015-11-05 13:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 16:45 - 2015-11-05 13:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 16:45 - 2015-11-05 13:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 16:45 - 2015-11-05 13:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 16:45 - 2015-11-05 13:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 16:45 - 2015-11-05 13:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 16:45 - 2015-11-05 13:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 16:45 - 2015-11-05 13:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 16:45 - 2015-11-05 13:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 16:45 - 2015-11-05 13:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 16:45 - 2015-11-05 13:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 16:45 - 2015-11-05 13:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 16:45 - 2015-11-05 13:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 16:45 - 2015-11-05 13:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 16:45 - 2015-11-05 13:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 16:45 - 2015-11-05 13:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 16:45 - 2015-11-05 13:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 16:45 - 2015-11-05 13:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 16:45 - 2015-11-05 13:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-09 21:44 - 2015-11-09 21:51 - 00183973 _____ C:\Users\drea\Downloads\DarrenRea_Resume_Animator.pdf
2015-11-08 10:48 - 2015-11-08 10:48 - 00042528 _____ ( ) C:\WINDOWS\system32\Drivers\PXGX112.sys
2015-11-06 12:53 - 2015-11-06 12:53 - 06418197 _____ C:\WINDOWS\system32\DGN2200-V1.0.0.42_7.0.42NA.chk
2015-11-06 12:53 - 2015-11-06 12:53 - 06414101 _____ C:\WINDOWS\system32\DGN2200-V1.0.0.42_7.0.42.chk
2015-11-06 12:53 - 2015-11-06 12:53 - 00237637 _____ C:\WINDOWS\system32\nbt.exe
2015-11-06 12:53 - 2015-11-06 12:53 - 00231936 _____ C:\WINDOWS\system32\3500_256.dll
2015-11-06 12:53 - 2015-11-06 12:53 - 00038912 _____ C:\WINDOWS\system32\FirmwareRecovery.exe
2015-11-06 12:53 - 2015-11-06 12:53 - 00033792 _____ (j. montgomery) C:\WINDOWS\system32\DnDns.dll
2015-11-06 12:53 - 2015-11-06 12:53 - 00008704 _____ (Microsoft) C:\WINDOWS\system32\readyshare.exe
2015-11-06 12:53 - 2015-11-06 12:53 - 00008192 _____ (foxconn) C:\WINDOWS\system32\detectUtility.exe
2015-11-06 11:04 - 2015-12-06 18:12 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-06 09:30 - 2015-11-06 09:30 - 00000000 __RHD C:\MSOCache
2015-11-06 09:20 - 2015-11-06 09:20 - 00000000 ____D C:\Users\drea\Desktop\TD
2015-11-06 09:18 - 2015-11-06 09:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2015-11-06 09:14 - 2015-11-06 09:38 - 00000000 ____D C:\Users\drea\Desktop\MacRae Presentation Pics
2015-11-06 09:13 - 2015-11-06 09:13 - 00002403 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-06 09:13 - 2015-11-06 09:13 - 00000000 ___RD C:\Users\Administrator\OneDrive
2015-11-06 09:11 - 2015-11-06 09:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2015-11-06 09:09 - 2015-11-06 09:09 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2015-11-06 09:09 - 2015-11-06 09:09 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2015-11-06 09:09 - 2015-11-06 09:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WTablet
2015-11-06 09:09 - 2015-11-06 09:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-06 19:52 - 2015-07-10 19:05 - 00000000 ____D C:\Windows
2015-12-06 19:51 - 2015-06-28 09:40 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3080413440-1471056018-455970439-1002UA.job
2015-12-06 19:37 - 2015-01-04 20:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-06 19:37 - 2014-08-06 00:49 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-06 18:27 - 2015-08-10 21:24 - 00001212 _____ C:\Users\drea\Desktop\TogglDesktop.lnk
2015-12-06 18:27 - 2015-04-27 20:42 - 00002340 _____ C:\Users\drea\Desktop\Darren - Chrome.lnk
2015-12-06 18:27 - 2014-08-12 22:02 - 00001054 _____ C:\Users\drea\Desktop\Unified Remote.lnk
2015-12-06 18:27 - 2014-08-10 19:57 - 00001754 _____ C:\Users\drea\Desktop\Google Drive.lnk
2015-12-06 18:27 - 2014-08-06 10:57 - 00001777 _____ C:\Users\drea\Desktop\NukeAssist 8.0v5.lnk
2015-12-06 18:27 - 2014-08-06 10:57 - 00001761 _____ C:\Users\drea\Desktop\NukeX 8.0v5.lnk
2015-12-06 18:27 - 2014-08-06 10:57 - 00001751 _____ C:\Users\drea\Desktop\Nuke 8.0v5.lnk
2015-12-06 18:13 - 2014-08-06 00:49 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-06 18:12 - 2015-08-17 08:25 - 00000000 __SHD C:\Users\drea\IntelGraphicsProfiles
2015-12-06 18:12 - 2014-08-06 11:00 - 00000000 ____D C:\ProgramData\Reprise
2015-12-06 18:11 - 2015-07-10 22:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-06 18:11 - 2015-07-10 19:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-06 11:50 - 2015-06-28 09:40 - 00000872 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3080413440-1471056018-455970439-1002Core.job
2015-12-06 09:26 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-06 09:20 - 2015-08-16 23:24 - 00000000 ____D C:\Users\drea
2015-12-05 22:00 - 2015-08-24 15:50 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{465550CD-A897-4084-8BD8-CC2C71DC5592}
2015-12-05 08:42 - 2014-08-07 19:00 - 00000000 ____D C:\Users\drea\AppData\Roaming\Skype
2015-12-05 08:35 - 2015-07-10 21:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-04 20:32 - 2014-08-06 00:49 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 20:32 - 2014-08-06 00:49 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 15:32 - 2014-08-06 00:52 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 11:38 - 2014-09-20 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-03 11:37 - 2014-09-20 14:31 - 00146696 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-12-03 11:37 - 2014-09-20 14:31 - 00135880 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-12-03 11:37 - 2014-09-20 14:31 - 00073032 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-12-03 11:37 - 2014-09-20 14:31 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-12-01 21:52 - 2014-08-07 22:09 - 00000000 ____D C:\Users\drea\AppData\Local\Spotify
2015-12-01 21:52 - 2014-08-07 22:07 - 00000000 ____D C:\Users\drea\AppData\Roaming\Spotify
2015-11-29 17:31 - 2015-08-29 21:24 - 00000000 ____D C:\Users\drea\Desktop\New folder (4)
2015-11-29 15:58 - 2014-08-07 17:22 - 00000000 ____D C:\Users\drea\AppData\Local\Adobe
2015-11-28 16:12 - 2015-08-16 23:21 - 00969890 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-28 16:12 - 2015-07-10 21:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-28 16:11 - 2015-08-16 23:24 - 00000000 ____D C:\Users\Administrator
2015-11-28 14:20 - 2014-08-10 19:57 - 00000000 ___RD C:\Users\drea\Google Drive
2015-11-25 11:51 - 2015-07-10 21:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-25 11:51 - 2015-06-13 14:45 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-25 11:31 - 2014-08-10 19:05 - 00002122 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-11-25 11:31 - 2014-08-10 19:05 - 00002120 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-11-25 11:31 - 2014-08-10 19:05 - 00002110 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-11-25 11:31 - 2014-08-10 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-22 11:20 - 2014-01-19 11:00 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-22 11:16 - 2014-10-27 11:17 - 00047104 ___SH C:\Users\drea\Downloads\Thumbs.db
2015-11-19 23:26 - 2014-08-07 16:25 - 00000000 ____D C:\Users\drea\AppData\Roaming\vlc
2015-11-19 22:24 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-19 21:58 - 2015-08-16 20:29 - 00000000 ____D C:\Users\drea\Documents\Adobe
2015-11-19 20:53 - 2015-10-17 22:30 - 00000265 ____R C:\Users\drea\p4tickets.txt
2015-11-19 18:36 - 2014-08-15 22:31 - 00003226 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordrea
2015-11-19 18:36 - 2014-08-15 22:31 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordrea.job
2015-11-16 11:33 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-15 19:20 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-15 18:59 - 2014-08-08 10:36 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-15 18:59 - 2014-08-08 10:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-14 08:53 - 2014-09-21 10:12 - 00000000 ____D C:\Users\drea\AppData\Roaming\Dropbox
2015-11-11 21:19 - 2015-08-31 20:28 - 00001214 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-11-11 21:18 - 2014-03-22 16:09 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-11 17:23 - 2015-07-10 20:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-09 20:36 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-06 09:12 - 2014-09-21 16:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-11-06 09:09 - 2014-08-06 00:11 - 00000000 __RHD C:\Users\Public\AccountPictures
 
==================== Files in the root of some directories =======
 
2014-10-17 12:41 - 2015-06-27 21:40 - 0000132 _____ () C:\Users\drea\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-08-06 17:37 - 2014-10-31 00:06 - 0007669 _____ () C:\Users\drea\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\drea\AppData\Local\Temp\avgnt.exe
C:\Users\drea\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjup2zp.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-30 07:36
 
==================== End of FRST.txt ============================


#5 Sintharius

Posted 07 December 2015 - 08:53 AM

Hello 3drea,

Do you use Chrome Remote Desktop?

Please read the information below carefully.

Step 1: Peer-to-peer software

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.

===

Step 2: Pirated software

Bleeping Computer does not allow the use of pirated software.

The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity, but it is a serious security risk which can turn a computer into a virus honeypot or zombie.

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible, and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.
 
If you want to read on then the full post is here.

I will help you clean your machine, but please remember that this is a one-time deal. After that I will refuse further assistance.

===

Step 3: If it is possible, please retrieve the protection log from Avira that shows the detection and post it here. I do not use Avira though, so I will be unable to provide you with instructions unfortunately.

===

Step 4: Fix with Farbar Recovery Scan Tool

  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST/FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply.

To recap, I will need the following information in your next post:

  • Confirmation that you have acknowledged the above warning;
  • Protection log from Avira if possible;
  • Contents of Fixlog.txt.

Regards,
Alex 



#6 3drea

Posted 07 December 2015 - 05:26 PM

Hi Alex,

Thanks for your reply.

Yes I acknowledge your warning, I have uninstalled uTorrent and won't use it again.

Avira had never found any viruses (I've included the logs), it was Malwarebytes that found anything (included below as well).

Avira:

Free Antivirus
Report file date: Sunday, 6 December 2015  09:52
 
 
The program is running as an unrestricted full version.
Online services are available.
 
Licensee        : Avira Antivirus Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows 10 Home
Windows version : (plain)  [10.0.10240]
Boot mode       : Normally booted
Username        : drea
Computer name   : NUKE
 
Version information:
build.dat       : 15.0.15.125    93076 Bytes  20/11/2015 15:36:00
AVSCAN.EXE      : 15.0.15.122  1203832 Bytes  03/12/2015 01:37:19
AVSCANRC.DLL    : 15.0.15.106    56944 Bytes  03/12/2015 01:37:19
LUKE.DLL        : 15.0.15.106    69248 Bytes  03/12/2015 01:37:30
AVSCPLR.DLL     : 15.0.15.122   106352 Bytes  03/12/2015 01:37:19
REPAIR.DLL      : 15.0.15.106   493608 Bytes  03/12/2015 01:37:18
repair.rdf      : 1.0.12.86    1389438 Bytes  05/12/2015 23:26:53
AVREG.DLL       : 15.0.15.106   346312 Bytes  03/12/2015 01:37:18
avlode.dll      : 15.0.15.106   701680 Bytes  03/12/2015 01:37:17
avlode.rdf      : 14.0.5.6       84211 Bytes  31/08/2015 08:27:19
XBV00202.VDF    : 8.12.33.240     6144 Bytes  02/12/2015 00:54:20
XBV00203.VDF    : 8.12.33.242     2048 Bytes  02/12/2015 00:54:20
XBV00204.VDF    : 8.12.33.246    20992 Bytes  03/12/2015 23:26:52
XBV00205.VDF    : 8.12.33.248     2048 Bytes  03/12/2015 23:26:52
XBV00206.VDF    : 8.12.33.250     9728 Bytes  03/12/2015 23:26:52
XBV00207.VDF    : 8.12.33.252    16896 Bytes  03/12/2015 23:26:52
XBV00208.VDF    : 8.12.33.254     6656 Bytes  03/12/2015 23:26:52
XBV00209.VDF    : 8.12.34.0       6656 Bytes  03/12/2015 23:26:52
XBV00210.VDF    : 8.12.34.2      23040 Bytes  03/12/2015 23:26:52
XBV00211.VDF    : 8.12.34.4       2048 Bytes  03/12/2015 23:26:52
XBV00212.VDF    : 8.12.34.6      12800 Bytes  03/12/2015 23:26:52
XBV00213.VDF    : 8.12.34.8      13824 Bytes  03/12/2015 23:26:52
XBV00214.VDF    : 8.12.34.20      2048 Bytes  03/12/2015 23:26:52
XBV00215.VDF    : 8.12.34.30      2048 Bytes  03/12/2015 23:26:52
XBV00216.VDF    : 8.12.34.40     14848 Bytes  04/12/2015 23:26:52
XBV00217.VDF    : 8.12.34.52     17920 Bytes  04/12/2015 23:26:52
XBV00218.VDF    : 8.12.34.54      9216 Bytes  04/12/2015 23:26:52
XBV00219.VDF    : 8.12.34.64      9216 Bytes  04/12/2015 23:26:52
XBV00220.VDF    : 8.12.34.66     20992 Bytes  04/12/2015 23:26:52
XBV00221.VDF    : 8.12.34.68      2048 Bytes  04/12/2015 23:26:52
XBV00222.VDF    : 8.12.34.70     13312 Bytes  04/12/2015 23:26:52
XBV00223.VDF    : 8.12.34.74     35328 Bytes  04/12/2015 23:26:52
XBV00224.VDF    : 8.12.34.76      2048 Bytes  04/12/2015 23:26:52
XBV00225.VDF    : 8.12.34.80     30720 Bytes  04/12/2015 23:26:52
XBV00226.VDF    : 8.12.34.82     12800 Bytes  04/12/2015 23:26:52
XBV00227.VDF    : 8.12.34.92     11264 Bytes  04/12/2015 23:26:52
XBV00228.VDF    : 8.12.34.102     6656 Bytes  04/12/2015 23:26:52
XBV00229.VDF    : 8.12.34.114    38400 Bytes  05/12/2015 23:26:52
XBV00230.VDF    : 8.12.34.124    33792 Bytes  05/12/2015 23:26:52
XBV00231.VDF    : 8.12.34.126     8192 Bytes  05/12/2015 23:26:53
LOCAL001.VDF    : 8.12.34.126 146954240 Bytes  05/12/2015 23:27:14
Engine version  : 8.3.34.88 
AEBB.DLL        : 8.1.3.0        59296 Bytes  20/11/2015 10:30:49
AECORE.DLL      : 8.3.9.0       249920 Bytes  13/11/2015 04:47:33
AEDROID.DLL     : 8.4.3.348    1800104 Bytes  06/11/2015 23:43:15
AEEMU.DLL       : 8.1.3.6       404328 Bytes  20/11/2015 10:30:50
AEEXP.DLL       : 8.4.2.136     289920 Bytes  05/12/2015 23:26:51
AEGEN.DLL       : 8.1.8.10      491576 Bytes  05/12/2015 23:26:48
AEHELP.DLL      : 8.3.2.6       284584 Bytes  20/11/2015 10:30:50
AEHEUR.DLL      : 8.1.4.2078   9939824 Bytes  05/12/2015 23:26:51
AEMOBILE.DLL    : 8.1.8.10      301936 Bytes  27/11/2015 03:31:43
AEOFFICE.DLL    : 8.3.1.56      408432 Bytes  19/10/2015 23:24:20
AEPACK.DLL      : 8.4.1.20      801920 Bytes  05/12/2015 23:26:51
AERDL.DLL       : 8.2.1.38      813928 Bytes  06/11/2015 23:43:12
AESBX.DLL       : 8.2.21.2     1629032 Bytes  06/11/2015 23:43:14
AESCN.DLL       : 8.3.4.0       141216 Bytes  28/11/2015 13:18:41
AESCRIPT.DLL    : 8.3.0.6       542632 Bytes  05/12/2015 23:26:51
AEVDF.DLL       : 8.3.2.4       141216 Bytes  20/11/2015 10:30:53
AVWINLL.DLL     : 15.0.15.106    28632 Bytes  03/12/2015 01:37:15
AVPREF.DLL      : 15.0.15.106    54896 Bytes  03/12/2015 01:37:18
AVREP.DLL       : 15.0.15.106   225320 Bytes  03/12/2015 01:37:18
AVARKT.DLL      : 15.0.15.106   231032 Bytes  03/12/2015 01:37:15
AVEVTLOG.DLL    : 15.0.15.106   200632 Bytes  03/12/2015 01:37:16
SQLITE3.DLL     : 15.0.15.106   460704 Bytes  03/12/2015 01:37:32
AVSMTP.DLL      : 15.0.15.106    82120 Bytes  03/12/2015 01:37:20
NETNT.DLL       : 15.0.15.106    18792 Bytes  03/12/2015 01:37:30
CommonImageRc.dll: 15.0.15.106  4309752 Bytes  03/12/2015 01:37:15
CommonTextRc.dll: 15.0.15.106    69304 Bytes  03/12/2015 01:37:15
 
Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldiscs.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
 
Start of the scan: Sunday, 6 December 2015  09:52
 
Start scanning boot sectors:
Boot sector 'HDD0(C:, D:)'
    [INFO]      No virus was found!
 
The scan of running processes will be started:
Scan process 'svchost.exe' - '70' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'dwm.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '210' Module(s) have been scanned
Scan process 'svchost.exe' - '75' Module(s) have been scanned
Scan process 'svchost.exe' - '137' Module(s) have been scanned
Scan process 'svchost.exe' - '107' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '36' Module(s) have been scanned
Scan process 'cachesrvr.exe' - '54' Module(s) have been scanned
Scan process 'OmniServ.exe' - '76' Module(s) have been scanned
Scan process 'igfxCUIService.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '121' Module(s) have been scanned
Scan process 'svchost.exe' - '77' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '57' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '63' Module(s) have been scanned
Scan process 'Hpservice.exe' - '21' Module(s) have been scanned
Scan process 'RtkAudioService64.exe' - '38' Module(s) have been scanned
Scan process 'WTabletServiceCon.exe' - '27' Module(s) have been scanned
Scan process 'RAVBg64.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '97' Module(s) have been scanned
Scan process 'spoolsv.exe' - '98' Module(s) have been scanned
Scan process 'sched.exe' - '86' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'remoting_host.exe' - '51' Module(s) have been scanned
Scan process 'dashost.exe' - '59' Module(s) have been scanned
Scan process 'avguard.exe' - '108' Module(s) have been scanned
Scan process 'Avira.ServiceHost.exe' - '119' Module(s) have been scanned
Scan process 'svchost.exe' - '81' Module(s) have been scanned
Scan process 'AdAppMgrSvc.exe' - '52' Module(s) have been scanned
Scan process 'GfExperienceService.exe' - '50' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '29' Module(s) have been scanned
Scan process 'hserver.exe' - '36' Module(s) have been scanned
Scan process 'sesinetd.exe' - '39' Module(s) have been scanned
Scan process 'armsvc.exe' - '31' Module(s) have been scanned
Scan process 'HeciServer.exe' - '28' Module(s) have been scanned
Scan process 'OfficeClickToRun.exe' - '90' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '38' Module(s) have been scanned
Scan process 'iSCTAgent.exe' - '77' Module(s) have been scanned
Scan process 'ibtrksrv.exe' - '32' Module(s) have been scanned
Scan process 'mbamscheduler.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '16' Module(s) have been scanned
Scan process 'NvNetworkService.exe' - '58' Module(s) have been scanned
Scan process 'mbamservice.exe' - '63' Module(s) have been scanned
Scan process 'raysat_3dsmax2013_64server.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '16' Module(s) have been scanned
Scan process 'NvStreamService.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'SynTPEnhService.exe' - '15' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'SwiCardDetect64.exe' - '58' Module(s) have been scanned
Scan process 'rlm.foundry.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'rlm.foundry.exe' - '42' Module(s) have been scanned
Scan process 'conhost.exe' - '13' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '55' Module(s) have been scanned
Scan process 'remoting_host.exe' - '63' Module(s) have been scanned
Scan process 'NvStreamNetworkService.exe' - '53' Module(s) have been scanned
Scan process 'conhost.exe' - '26' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '30' Module(s) have been scanned
Scan process 'DllHost.exe' - '23' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'mbam.exe' - '118' Module(s) have been scanned
Scan process 'taskhostw.exe' - '42' Module(s) have been scanned
Scan process 'sihost.exe' - '71' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '53' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '38' Module(s) have been scanned
Scan process 'Pen_TabletUser.exe' - '32' Module(s) have been scanned
Scan process 'WacomHost.exe' - '41' Module(s) have been scanned
Scan process 'Explorer.EXE' - '296' Module(s) have been scanned
Scan process 'NvStreamUserAgent.exe' - '64' Module(s) have been scanned
Scan process 'conhost.exe' - '16' Module(s) have been scanned
Scan process 'igfxEM.exe' - '55' Module(s) have been scanned
Scan process 'igfxHK.exe' - '37' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '56' Module(s) have been scanned
Scan process 'igfxTray.exe' - '51' Module(s) have been scanned
Scan process 'Pen_TouchUser.exe' - '40' Module(s) have been scanned
Scan process 'SYNTPHELPER.EXE' - '26' Module(s) have been scanned
Scan process 'RuntimeBroker.exe' - '76' Module(s) have been scanned
Scan process 'opvapp.exe' - '48' Module(s) have been scanned
Scan process 'CoolSense.exe' - '48' Module(s) have been scanned
Scan process 'CLMLSvc_P2G8.exe' - '45' Module(s) have been scanned
Scan process 'nvtray.exe' - '50' Module(s) have been scanned
Scan process 'NvBackend.exe' - '69' Module(s) have been scanned
Scan process 'ShellExperienceHost.exe' - '82' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned
Scan process 'SearchUI.exe' - '127' Module(s) have been scanned
Scan process 'SettingSyncHost.exe' - '59' Module(s) have been scanned
Scan process 'SystemSettingsBroker.exe' - '67' Module(s) have been scanned
Scan process 'DllHost.exe' - '35' Module(s) have been scanned
Scan process 'NetworkUXBroker.exe' - '67' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '46' Module(s) have been scanned
Scan process 'RtkNGUI64.exe' - '54' Module(s) have been scanned
Scan process 'HPSmplPass.exe' - '88' Module(s) have been scanned
Scan process 'OPBHOBroker.exe' - '39' Module(s) have been scanned
Scan process 'opbhobrokerdsktop.exe' - '39' Module(s) have been scanned
Scan process 'RemoteServer.exe' - '79' Module(s) have been scanned
Scan process 'MySpeed.exe' - '61' Module(s) have been scanned
Scan process 'iSCTsysTray8.exe' - '45' Module(s) have been scanned
Scan process 'AccelerometerSt.exe' - '37' Module(s) have been scanned
Scan process 'always-on-top.exe' - '49' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '61' Module(s) have been scanned
Scan process 'avgnt.exe' - '124' Module(s) have been scanned
Scan process 'Avira.Systray.exe' - '139' Module(s) have been scanned
Scan process 'CLMSMonitorServicePDVD12.exe' - '15' Module(s) have been scanned
Scan process 'CLMSServerPDVD12.exe' - '89' Module(s) have been scanned
Scan process 'chrome.exe' - '186' Module(s) have been scanned
Scan process 'hpsa_service.exe' - '59' Module(s) have been scanned
Scan process 'chrome.exe' - '71' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '84' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'IntelMeFWService.exe' - '22' Module(s) have been scanned
Scan process 'jhi_service.exe' - '32' Module(s) have been scanned
Scan process 'LMS.exe' - '60' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'svchost.exe' - '84' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '81' Module(s) have been scanned
Scan process 'chrome.exe' - '56' Module(s) have been scanned
Scan process 'Taskmgr.exe' - '76' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'taskeng.exe' - '35' Module(s) have been scanned
Scan process 'avcenter.exe' - '162' Module(s) have been scanned
Scan process 'backgroundTaskHost.exe' - '52' Module(s) have been scanned
Scan process 'avscan.exe' - '90' Module(s) have been scanned
Scan process 'avscan.exe' - '121' Module(s) have been scanned
Scan process 'vssvc.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'avscan.exe' - '90' Module(s) have been scanned
Scan process 'avscan.exe' - '115' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned
Scan process 'lsass.exe' - '80' Module(s) have been scanned
 
Starting to scan executable files (registry):
The registry was scanned ( '4902' files ).
 
 
Starting the file scan:
 
Begin scan in 'C:\' <Windows>
    [0] Archive type: RSRC
    --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\install\android\usb_drivers\amd64\WUDFUpdate_01009.dll
        [1] Archive type: RSRC
      --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\install\android\usb_drivers\i386\winusbcoinstaller2.dll
          [2] Archive type: RSRC
        --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.0\install\android\usb_drivers\i386\WUDFUpdate_01009.dll
            [3] Archive type: RSRC
          --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\install\android\usb_drivers\amd64\winusbcoinstaller2.dll
              [4] Archive type: RSRC
            --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\install\android\usb_drivers\amd64\WUDFUpdate_01009.dll
                [5] Archive type: RSRC
              --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\install\android\usb_drivers\i386\winusbcoinstaller2.dll
                  [6] Archive type: RSRC
                --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\sdks\4.5.1\install\android\usb_drivers\i386\WUDFUpdate_01009.dll
                    [7] Archive type: RSRC
                  --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\utilities\drivers\android\amd64\winusbcoinstaller2.dll
                      [8] Archive type: RSRC
                    --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\utilities\drivers\android\amd64\WUDFUpdate_01009.dll
                        [9] Archive type: RSRC
                      --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\utilities\drivers\android\i386\winusbcoinstaller2.dll
                          [10] Archive type: RSRC
                        --> C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\utilities\drivers\android\i386\WUDFUpdate_01009.dll
                            [11] Archive type: RSRC
                          --> C:\Program Files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\install\android\usb_drivers\amd64\winusbcoinstaller2.dll
                              [12] Archive type: RSRC
                            --> C:\Program Files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\install\android\usb_drivers\amd64\WUDFUpdate_01009.dll
                                [13] Archive type: RSRC
                              --> C:\Program Files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\install\android\usb_drivers\i386\winusbcoinstaller2.dll
                                  [14] Archive type: RSRC
                                --> C:\Program Files (x86)\Adobe\Adobe Flash Catalyst CS5.5\sdks\4.5.0\install\android\usb_drivers\i386\WUDFUpdate_01009.dll
                                    [15] Archive type: RSRC
                                  --> C:\Program Files (x86)\Adobe\Adobe Flash CS5.5\AIR2.6\install\android\usb_drivers\amd64\winusbcoinstaller2.dll
                                      [16] Archive type: RSRC
                                    --> C:\Program Files (x86)\Adobe\Adobe Flash CS5.5\AIR2.6\install\android\usb_drivers\amd64\WUDFUpdate_01009.dll
                                        [17] Archive type: RSRC
                                      --> C:\Program Files (x86)\Adobe\Adobe Flash CS5.5\AIR2.6\install\android\usb_drivers\i386\winusbcoinstaller2.dll
                                          [18] Archive type: RSRC
                                        --> C:\Program Files (x86)\Adobe\Adobe Flash CS5.5\AIR2.6\install\android\usb_drivers\i386\WUDFUpdate_01009.dll
                                            [19] Archive type: RSRC
                                          --> C:\Users\drea\Downloads\chromeinstall-7u67.exe
                                              [20] Archive type: Runtime Packed
                                            --> C:\Users\drea\Downloads\Kinovea.Setup.0.8.15.exe
                                                [21] Archive type: NSIS
                                              --> AV00200186.AV$
                                                  [22] Archive type: CHM
                                                --> src/004-thumbs.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/004-observation.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/004-drawcommentsb.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/004-speed2.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/004-compare.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/004-export.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/tip.png
                                                    [WARNING]   The file could not be read!
                                                --> src/101-playbackd.png
                                                    [WARNING]   The file could not be read!
                                                --> src/buttonstartselection.png
                                                    [WARNING]   The file could not be read!
                                                --> src/buttonendselection.png
                                                    [WARNING]   The file could not be read!
                                                --> src/101-speedc.png
                                                    [WARNING]   The file could not be read!
                                                --> src/handlerleft.png
                                                    [WARNING]   The file could not be read!
                                                --> src/handlerright.png
                                                    [WARNING]   The file could not be read!
                                                --> src/102-import.png
                                                    [WARNING]   The file could not be read!
                                                --> src/magnifier2.png
                                                    [WARNING]   The file could not be read!
                                                --> src/104-magnifier.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/114-deinterlace.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/115-highspeedcameras.png
                                                    [WARNING]   The file could not be read!
                                                --> src/116-mirrorb.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/105-levels.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/105-contrast.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/105-sharpen.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/103-grid2.png
                                                    [WARNING]   The file could not be read!
                                                --> src/103-pgrid3.png
                                                    [WARNING]   The file could not be read!
                                                --> src/plane4.png
                                                    [WARNING]   The file could not be read!
                                                --> src/117-overviewc.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/close.png
                                                    [WARNING]   The file could not be read!
                                                --> src/107-toolbar.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/addkeyframe.png
                                                    [WARNING]   The file could not be read!
                                                --> src/thumb2.png
                                                    [WARNING]   The file could not be read!
                                                --> src/close15x15.png
                                                    [WARNING]   The file could not be read!
                                                --> src/comments2.png
                                                    [WARNING]   The file could not be read!
                                                --> src/107-commentsb.png
                                                    [WARNING]   The file could not be read!
                                                --> src/texttoolicon.png
                                                    [WARNING]   The file could not be read!
                                                --> src/107-label.png
                                                    [WARNING]   The file could not be read!
                                                --> src/activepencil.png
                                                    [WARNING]   The file could not be read!
                                                --> src/107-pencilb.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/line6.png
                                                    [WARNING]   The file could not be read!
                                                --> src/107-line.png
                                                    [WARNING]   The file could not be read!
                                                --> src/circle4.png
                                                    [WARNING]   The file could not be read!
                                                --> src/107-circle2.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/cross5.png
                                                    [WARNING]   The file could not be read!
                                                --> src/107-cross.png
                                                    [WARNING]   The file could not be read!
                                                --> src/angle5.png
                                                    [WARNING]   The file could not be read!
                                                --> src/107-angle.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/swatchicon3.png
                                                    [WARNING]   The file could not be read!
                                                --> src/107-color.png
                                                    [WARNING]   The file could not be read!
                                                --> src/golfobsref.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/126-opacity.png
                                                    [WARNING]   The file could not be read!
                                                --> src/126-sendtoothervideo.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/109-trajbasic.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/109-trajedit.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/109-modesb.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/109-trajfinal.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/chrono5.png
                                                    [WARNING]   The file could not be read!
                                                --> src/108-sw0.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/108-sw1.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/108-sw2b.jpg
                                                    [WARNING]   The file could not be read!
                                                --> src/120-calibrate.png
                                                    [WARNING]   The file could not be read!
Begin scan in 'D:\' <RECOVERY>
 
 
End of the scan: Sunday, 6 December 2015  13:46
Used time:  3:53:06 Hour(s)
 
The scan has been done completely.
 
  75005 Scanned directories
 3022002 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 3022002 Files not concerned
  20018 Archives were scanned
      0 Warnings
      0 Notes
----------------------------------------------------------------------
 
Malwarebytes first scan:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 28/11/2015
Scan Time: 9:30 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.27.04
Rootkit Database: v2015.11.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: drea
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 469802
Time Elapsed: 36 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.ShowPass, C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.showpass00.showpass.co_0.localstorage, Quarantined, [f10ff98ae1aaff375839b0f18083748c], 
PUP.Optional.ShowPass, C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.showpass00.showpass.co_0.localstorage-journal, Quarantined, [2cd4a9dac3c8ea4c5d34f4ad60a3d32d], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
---------------------------------------------------
Malwarebytes Second scan:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 06/12/2015
Scan Time: 9:25 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.05.06
Rootkit Database: v2015.11.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: drea
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 472262
Time Elapsed: 51 min, 36 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.BestPriceNinja, C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, Quarantined, [e694edb48efdf244fd15dd1d649f7987], 
PUP.Optional.BestPriceNinja, C:\Users\drea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, Quarantined, [007a10913655b086c34fb64461a20ef2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
---------------------------------------------------------------
 
fixlist.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by drea (2015-12-08 08:16:06) Run:1
Running from C:\Users\drea\Downloads\frst
Loaded Profiles: drea &  (Available Profiles: drea & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CHR HKU\S-1-5-21-3080413440-1471056018-455970439-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
*****************
 
"HKU\S-1-5-21-3080413440-1471056018-455970439-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
"HKU\S-1-5-21-3080413440-1471056018-455970439-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
 
==== End of Fixlog 08:16:06 ====
 
-------------------------------------------------------
 
Lastly, your last forum post says 2 downloads but I can only see 1. Is there anything else in that last post that I missed?
 
Cheers,
Darren


#7 Sintharius


Posted 10 December 2015 - 08:24 AM

Hello 3drea,

You posted the scan log - please post the real time protection log that first showed the detection by Avira as you have mentioned.

We will use another scanner to make sure that the machine is clean.

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Regards,
Alex 



#8 Sintharius


Posted 13 December 2015 - 07:14 PM

Hi there,

Are you still with me? It has been three days since my last post.

Regards,
Alex

#9 3drea


Posted 13 December 2015 - 07:20 PM

Hi Alex,

 

Yes, I'm still with you. I have gone through all the steps in your 2nd to last post and will post the results tonight. I had some important events over the weekend I had to attend, but I can post the results tonight when I get home from work. I ran the scan during the last night and it found one potentially unwanted program - uTorrent.exe. I forgot to remove the install exe from the downloads folder.

 

I can post the results tonight.

 

Thank you for all your help so far. I really appreciate it. You are all doing such a great service!!!



#10 3drea


Posted 14 December 2015 - 05:42 AM

Hi Alex,

Here is the log for the ESET online scanner.

C:\Users\drea\Downloads\uTorrent.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application cleaned by deleting - quarantined
 

Also, below are the real-time logs from Avira:

 

1/12/2015,9:15:50 [INFO] Update process started!
1/12/2015,9:15:58 [INFO] ---------------------------------------------------------
1/12/2015,9:15:58 [INFO] Engine version:  8.3.34.82
1/12/2015,9:15:58 [INFO] VDF version:  8.12.33.98
1/12/2015,9:15:58 [INFO] APC version:  2.7.1.3
1/12/2015,9:15:58 [INFO] RDF version:  14.0.5.6
1/12/2015,9:15:58 [INFO] Real-Time Protection Version: 15.00.14.257
1/12/2015,17:15:57 [INFO] Update process started!
1/12/2015,17:16:05 [INFO] ---------------------------------------------------------
1/12/2015,17:16:05 [INFO] Engine version:  8.3.34.82
1/12/2015,17:16:05 [INFO] VDF version:  8.12.33.102
1/12/2015,17:16:05 [INFO] APC version:  2.7.1.3
1/12/2015,17:16:05 [INFO] RDF version:  14.0.5.6
1/12/2015,17:16:05 [INFO] Real-Time Protection Version: 15.00.14.257
1/12/2015,19:15:58 [INFO] Update process started!
1/12/2015,19:16:08 [INFO] ---------------------------------------------------------
1/12/2015,19:16:08 [INFO] Engine version:  8.3.34.82
1/12/2015,19:16:08 [INFO] VDF version:  8.12.33.116
1/12/2015,19:16:08 [INFO] APC version:  2.7.1.3
1/12/2015,19:16:08 [INFO] RDF version:  14.0.5.6
1/12/2015,19:16:08 [INFO] Real-Time Protection Version: 15.00.14.257
1/12/2015,21:18:48 [INFO] Update process started!
1/12/2015,21:18:59 [INFO] ---------------------------------------------------------
1/12/2015,21:18:59 [INFO] Engine version:  8.3.34.82
1/12/2015,21:18:59 [INFO] VDF version:  8.12.33.128
1/12/2015,21:18:59 [INFO] APC version:  2.7.1.3
1/12/2015,21:18:59 [INFO] RDF version:  14.0.5.6
1/12/2015,21:18:59 [INFO] Real-Time Protection Version: 15.00.14.257
1/12/2015,21:39:20 [INFO] Update process started!
1/12/2015,21:39:29 [INFO] ---------------------------------------------------------
1/12/2015,21:39:29 [INFO] Engine version:  8.3.34.82
1/12/2015,21:39:29 [INFO] VDF version:  8.12.33.152
1/12/2015,21:39:29 [INFO] APC version:  2.7.1.3
1/12/2015,21:39:29 [INFO] RDF version:  14.0.5.6
1/12/2015,21:39:29 [INFO] Real-Time Protection Version: 15.00.14.257
2/12/2015,13:41:31 [INFO] Update process started!
2/12/2015,13:41:39 [INFO] ---------------------------------------------------------
2/12/2015,13:41:39 [INFO] Engine version:  8.3.34.82
2/12/2015,13:41:39 [INFO] VDF version:  8.12.33.166
2/12/2015,13:41:39 [INFO] APC version:  2.7.1.3
2/12/2015,13:41:39 [INFO] RDF version:  14.0.5.6
2/12/2015,13:41:39 [INFO] Real-Time Protection Version: 15.00.14.257
2/12/2015,19:11:38 [INFO] Update process started!
2/12/2015,19:11:45 [INFO] ---------------------------------------------------------
2/12/2015,19:11:45 [INFO] Engine version:  8.3.34.82
2/12/2015,19:11:45 [INFO] VDF version:  8.12.33.174
2/12/2015,19:11:45 [INFO] APC version:  2.7.1.3
2/12/2015,19:11:45 [INFO] RDF version:  14.0.5.6
2/12/2015,19:11:45 [INFO] Real-Time Protection Version: 15.00.14.257
2/12/2015,21:38:37 [INFO] Update process started!
2/12/2015,21:38:47 [INFO] ---------------------------------------------------------
2/12/2015,21:38:47 [INFO] Engine version:  8.3.34.82
2/12/2015,21:38:47 [INFO] VDF version:  8.12.33.178
2/12/2015,21:38:47 [INFO] APC version:  2.7.1.3
2/12/2015,21:38:47 [INFO] RDF version:  14.0.5.6
2/12/2015,21:38:47 [INFO] Real-Time Protection Version: 15.00.14.257
3/12/2015,3:27:26 [INFO] Update process started!
3/12/2015,3:27:34 [INFO] ---------------------------------------------------------
3/12/2015,3:27:34 [INFO] Engine version:  8.3.34.82
3/12/2015,3:27:34 [INFO] VDF version:  8.12.33.184
3/12/2015,3:27:34 [INFO] APC version:  2.7.1.3
3/12/2015,3:27:34 [INFO] RDF version:  14.0.5.6
3/12/2015,3:27:34 [INFO] Real-Time Protection Version: 15.00.14.257
3/12/2015,4:32:29 [INFO] Update process started!
3/12/2015,4:32:37 [INFO] ---------------------------------------------------------
3/12/2015,4:32:37 [INFO] Engine version:  8.3.34.82
3/12/2015,4:32:37 [INFO] VDF version:  8.12.33.186
3/12/2015,4:32:37 [INFO] APC version:  2.7.1.3
3/12/2015,4:32:37 [INFO] RDF version:  14.0.5.6
3/12/2015,4:32:37 [INFO] Real-Time Protection Version: 15.00.14.257
3/12/2015,5:37:37 [INFO] Update process started!
3/12/2015,5:37:45 [INFO] ---------------------------------------------------------
3/12/2015,5:37:45 [INFO] Engine version:  8.3.34.82
3/12/2015,5:37:45 [INFO] VDF version:  8.12.33.198
3/12/2015,5:37:45 [INFO] APC version:  2.7.1.3
3/12/2015,5:37:45 [INFO] RDF version:  14.0.5.6
3/12/2015,5:37:45 [INFO] Real-Time Protection Version: 15.00.14.257
3/12/2015,7:59:53 [INFO] Update process started!
3/12/2015,8:00:04 [INFO] ---------------------------------------------------------
3/12/2015,8:00:04 [INFO] Engine version:  8.3.34.82
3/12/2015,8:00:04 [INFO] VDF version:  8.12.33.224
3/12/2015,8:00:04 [INFO] APC version:  2.7.1.3
3/12/2015,8:00:04 [INFO] RDF version:  14.0.5.6
3/12/2015,8:00:04 [INFO] Real-Time Protection Version: 15.00.14.257
3/12/2015,8:32:26 [INFO] Update process started!
3/12/2015,8:32:34 [INFO] ---------------------------------------------------------
3/12/2015,8:32:34 [INFO] Engine version:  8.3.34.82
3/12/2015,8:32:34 [INFO] VDF version:  8.12.33.236
3/12/2015,8:32:34 [INFO] APC version:  2.7.1.3
3/12/2015,8:32:34 [INFO] RDF version:  14.0.5.6
3/12/2015,8:32:34 [INFO] Real-Time Protection Version: 15.00.14.257
3/12/2015,9:21:19 [INFO] Update process started!
3/12/2015,9:21:27 [INFO] ---------------------------------------------------------
3/12/2015,9:21:27 [INFO] Engine version:  8.3.34.82
3/12/2015,9:21:27 [INFO] VDF version:  8.12.33.238
3/12/2015,9:21:27 [INFO] APC version:  2.7.1.3
3/12/2015,9:21:27 [INFO] RDF version:  14.0.5.6
3/12/2015,9:21:27 [INFO] Real-Time Protection Version: 15.00.14.257
3/12/2015,10:54:48 [INFO] Update process started!
3/12/2015,10:54:57 [INFO] ---------------------------------------------------------
3/12/2015,10:54:57 [INFO] Engine version:  8.3.34.82
3/12/2015,10:54:57 [INFO] VDF version:  8.12.33.242
3/12/2015,10:54:57 [INFO] APC version:  2.7.1.3
3/12/2015,10:54:57 [INFO] RDF version:  14.0.5.6
3/12/2015,10:54:57 [INFO] Real-Time Protection Version: 15.00.14.257
3/12/2015,11:37:34 [INFO] Avira Free Antivirus service has been stopped!
3/12/2015,11:38:04 [INFO] ---------------------------------------------------------
3/12/2015,11:38:04 [INFO] Engine version:  8.3.34.82
3/12/2015,11:38:04 [INFO] VDF version:  8.12.33.242
3/12/2015,11:38:04 [INFO] APC version:  2.7.1.3
3/12/2015,11:38:04 [INFO] RDF version:  14.0.5.6
3/12/2015,11:38:04 [INFO] Real-Time Protection Version: 15.00.15.106
3/12/2015,11:38:04 [INFO] Avira Free Antivirus has been started successfully!
3/12/2015,11:38:04 [INFO] Real-Time Protection configuration used:
      - Files to scan: scan files from local drives
      - Files to scan: Use file extension list: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Device mode: Scan file on open, scan file on close
      - Actions: ask the user
      - Scan archive: Disabled
      - Heuristic: Enabled
      - Win32 file heuristic: Medium detection level
      - Logfile report level: Default
3/12/2015,11:38:06 [INFO] Online services are available.
5/12/2015,8:38:31 [INFO] Successful Cloud SDK initialization and license check.
5/12/2015,8:38:31 [INFO] The file 'C:\Users\drea\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll' was scanned with the Protection Cloud. SHA256 = 02CE4EE81E47604E1ECC8B440836CFD1CD0749682A31A487AF1D2391454180B8
6/12/2015,9:20:35 [INFO] Avira Free Antivirus service has been stopped!
6/12/2015,9:22:53 [INFO] ---------------------------------------------------------
6/12/2015,9:22:53 [INFO] Engine version:  8.3.34.82
6/12/2015,9:22:53 [INFO] VDF version:  8.12.33.242
6/12/2015,9:22:53 [INFO] APC version:  2.7.1.3
6/12/2015,9:22:53 [INFO] RDF version:  14.0.5.6
6/12/2015,9:22:53 [INFO] Real-Time Protection Version: 15.00.15.106
6/12/2015,9:22:53 [INFO] Avira Free Antivirus has been started successfully!
6/12/2015,9:22:55 [INFO] Real-Time Protection configuration used:
      - Files to scan: scan files from local drives
      - Files to scan: Use file extension list: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Device mode: Scan file on open, scan file on close
      - Actions: ask the user
      - Scan archive: Disabled
      - Heuristic: Enabled
      - Win32 file heuristic: Medium detection level
      - Logfile report level: Default
6/12/2015,9:22:57 [INFO] Online services are available.
6/12/2015,9:27:32 [INFO] Update process started!
6/12/2015,9:27:39 [INFO] ---------------------------------------------------------
6/12/2015,9:27:39 [INFO] Engine version:  8.3.34.88
6/12/2015,9:27:39 [INFO] VDF version:  8.12.34.126
6/12/2015,9:27:39 [INFO] APC version:  2.7.1.3
6/12/2015,9:27:39 [INFO] RDF version:  14.0.5.6
6/12/2015,9:27:39 [INFO] Real-Time Protection Version: 15.00.15.106
6/12/2015,10:17:39 [WARNING] A suspicious attempt to access the registry was blocked!
6/12/2015,17:54:31 [INFO] Avira Free Antivirus service has been stopped!
6/12/2015,18:14:05 [INFO] ---------------------------------------------------------
6/12/2015,18:14:05 [INFO] Engine version:  8.3.34.88
6/12/2015,18:14:05 [INFO] VDF version:  8.12.34.126
6/12/2015,18:14:05 [INFO] APC version:  2.7.1.3
6/12/2015,18:14:05 [INFO] RDF version:  14.0.5.6
6/12/2015,18:14:05 [INFO] Real-Time Protection Version: 15.00.15.106
6/12/2015,18:14:07 [INFO] Avira Free Antivirus has been started successfully!
6/12/2015,18:14:20 [INFO] Real-Time Protection configuration used:
      - Files to scan: scan files from local drives
      - Files to scan: Use file extension list: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Device mode: Scan file on open, scan file on close
      - Actions: ask the user
      - Scan archive: Disabled
      - Heuristic: Enabled
      - Win32 file heuristic: Medium detection level
      - Logfile report level: Default
6/12/2015,18:14:21 [INFO] Online services are available.
6/12/2015,19:50:18 [INFO] Successful Cloud SDK initialization and license check.
6/12/2015,19:50:18 [INFO] The file 'C:\Users\drea\Downloads\FRST64.exe' was scanned with the Protection Cloud. SHA256 = DD61D2EA4C8059F67734E11221DED682276773D0361CB530D346E4C01C0A0176
6/12/2015,19:52:32 [INFO] The file 'C:\Users\drea\Downloads\frst\FRST64.exe' was scanned with the Protection Cloud. SHA256 = DD61D2EA4C8059F67734E11221DED682276773D0361CB530D346E4C01C0A0176
6/12/2015,20:23:00 [INFO] Update process started!
6/12/2015,20:23:10 [INFO] ---------------------------------------------------------
6/12/2015,20:23:10 [INFO] Engine version:  8.3.34.88
6/12/2015,20:23:10 [INFO] VDF version:  8.12.34.138
6/12/2015,20:23:10 [INFO] APC version:  2.7.1.3
6/12/2015,20:23:10 [INFO] RDF version:  14.0.5.6
6/12/2015,20:23:10 [INFO] Real-Time Protection Version: 15.00.15.106
7/12/2015,11:08:36 [INFO] Update process started!
7/12/2015,11:08:43 [INFO] ---------------------------------------------------------
7/12/2015,11:08:43 [INFO] Engine version:  8.3.34.88
7/12/2015,11:08:43 [INFO] VDF version:  8.12.34.156
7/12/2015,11:08:43 [INFO] APC version:  2.7.1.3
7/12/2015,11:08:43 [INFO] RDF version:  14.0.5.6
7/12/2015,11:08:43 [INFO] Real-Time Protection Version: 15.00.15.106
7/12/2015,18:34:34 [INFO] Update process started!
7/12/2015,18:34:45 [INFO] ---------------------------------------------------------
7/12/2015,18:34:45 [INFO] Engine version:  8.3.34.88
7/12/2015,18:34:45 [INFO] VDF version:  8.12.34.174
7/12/2015,18:34:45 [INFO] APC version:  2.7.1.3
7/12/2015,18:34:45 [INFO] RDF version:  14.0.5.6
7/12/2015,18:34:45 [INFO] Real-Time Protection Version: 15.00.15.106
7/12/2015,20:34:24 [INFO] Update process started!
7/12/2015,20:34:32 [INFO] ---------------------------------------------------------
7/12/2015,20:34:32 [INFO] Engine version:  8.3.34.88
7/12/2015,20:34:32 [INFO] VDF version:  8.12.34.178
7/12/2015,20:34:32 [INFO] APC version:  2.7.1.3
7/12/2015,20:34:32 [INFO] RDF version:  14.0.5.6
7/12/2015,20:34:32 [INFO] Real-Time Protection Version: 15.00.15.106
7/12/2015,22:35:45 [INFO] Update process started!
7/12/2015,22:35:54 [INFO] ---------------------------------------------------------
7/12/2015,22:35:54 [INFO] Engine version:  8.3.34.88
7/12/2015,22:35:54 [INFO] VDF version:  8.12.34.180
7/12/2015,22:35:54 [INFO] APC version:  2.7.1.3
7/12/2015,22:35:54 [INFO] RDF version:  14.0.5.6
7/12/2015,22:35:54 [INFO] Real-Time Protection Version: 15.00.15.106
8/12/2015,8:59:53 [INFO] Update process started!
8/12/2015,9:00:01 [INFO] ---------------------------------------------------------
8/12/2015,9:00:01 [INFO] Engine version:  8.3.34.88
8/12/2015,9:00:01 [INFO] VDF version:  8.12.34.200
8/12/2015,9:00:01 [INFO] APC version:  2.7.1.3
8/12/2015,9:00:01 [INFO] RDF version:  14.0.5.6
8/12/2015,9:00:01 [INFO] Real-Time Protection Version: 15.00.15.106
8/12/2015,10:59:52 [INFO] Update process started!
8/12/2015,10:59:59 [INFO] ---------------------------------------------------------
8/12/2015,10:59:59 [INFO] Engine version:  8.3.34.88
8/12/2015,10:59:59 [INFO] VDF version:  8.12.34.204
8/12/2015,10:59:59 [INFO] APC version:  2.7.1.3
8/12/2015,10:59:59 [INFO] RDF version:  14.0.5.6
8/12/2015,10:59:59 [INFO] Real-Time Protection Version: 15.00.15.106
8/12/2015,17:00:02 [INFO] Update process started!
8/12/2015,17:00:11 [INFO] ---------------------------------------------------------
8/12/2015,17:00:11 [INFO] Engine version:  8.3.34.88
8/12/2015,17:00:11 [INFO] VDF version:  8.12.34.210
8/12/2015,17:00:11 [INFO] APC version:  2.7.1.3
8/12/2015,17:00:11 [INFO] RDF version:  14.0.5.6
8/12/2015,17:00:11 [INFO] Real-Time Protection Version: 15.00.15.106
8/12/2015,23:07:40 [INFO] Update process started!
8/12/2015,23:07:49 [INFO] ---------------------------------------------------------
8/12/2015,23:07:49 [INFO] Engine version:  8.3.34.88
8/12/2015,23:07:49 [INFO] VDF version:  8.12.34.244
8/12/2015,23:07:49 [INFO] APC version:  2.7.1.3
8/12/2015,23:07:49 [INFO] RDF version:  14.0.5.6
8/12/2015,23:07:49 [INFO] Real-Time Protection Version: 15.00.15.106
9/12/2015,1:07:18 [INFO] Update process started!
9/12/2015,1:07:26 [INFO] ---------------------------------------------------------
9/12/2015,1:07:26 [INFO] Engine version:  8.3.34.88
9/12/2015,1:07:26 [INFO] VDF version:  8.12.34.252
9/12/2015,1:07:26 [INFO] APC version:  2.7.1.3
9/12/2015,1:07:26 [INFO] RDF version:  14.0.5.6
9/12/2015,1:07:26 [INFO] Real-Time Protection Version: 15.00.15.106
9/12/2015,12:43:22 [INFO] Update process started!
9/12/2015,12:43:31 [INFO] ---------------------------------------------------------
9/12/2015,12:43:31 [INFO] Engine version:  8.3.34.88
9/12/2015,12:43:31 [INFO] VDF version:  8.12.35.14
9/12/2015,12:43:31 [INFO] APC version:  2.7.1.3
9/12/2015,12:43:31 [INFO] RDF version:  14.0.5.6
9/12/2015,12:43:31 [INFO] Real-Time Protection Version: 15.00.15.106
10/12/2015,23:15:37 [INFO] Avira Free Antivirus service has been stopped!
10/12/2015,23:16:17 [INFO] ---------------------------------------------------------
10/12/2015,23:16:17 [INFO] Engine version:  8.3.34.88
10/12/2015,23:16:17 [INFO] VDF version:  8.12.35.76
10/12/2015,23:16:17 [INFO] APC version:  2.7.1.3
10/12/2015,23:16:17 [INFO] RDF version:  14.0.5.18
10/12/2015,23:16:17 [INFO] Real-Time Protection Version: 15.00.15.106
10/12/2015,23:16:17 [INFO] Avira Free Antivirus has been started successfully!
10/12/2015,23:16:18 [INFO] Real-Time Protection configuration used:
      - Files to scan: scan files from local drives
      - Files to scan: Use file extension list: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Device mode: Scan file on open, scan file on close
      - Actions: ask the user
      - Scan archive: Disabled
      - Heuristic: Enabled
      - Win32 file heuristic: Medium detection level
      - Logfile report level: Default
10/12/2015,23:16:20 [INFO] Online services are available.
11/12/2015,8:55:20 [INFO] Update process started!
11/12/2015,8:55:28 [INFO] ---------------------------------------------------------
11/12/2015,8:55:28 [INFO] Engine version:  8.3.34.88
11/12/2015,8:55:28 [INFO] VDF version:  8.12.35.94
11/12/2015,8:55:28 [INFO] APC version:  2.7.1.3
11/12/2015,8:55:28 [INFO] RDF version:  14.0.5.18
11/12/2015,8:55:28 [INFO] Real-Time Protection Version: 15.00.15.106
11/12/2015,11:03:14 [WARNING] Real-Time Protection was disabled
11/12/2015,11:04:29 [INFO] Real-Time Protection was enabled
11/12/2015,11:05:45 [WARNING] Real-Time Protection was disabled
11/12/2015,11:37:52 [INFO] Update process started!
11/12/2015,11:38:01 [INFO] ---------------------------------------------------------
11/12/2015,11:38:01 [INFO] Engine version:  8.3.34.88
11/12/2015,11:38:01 [INFO] VDF version:  8.12.35.124
11/12/2015,11:38:01 [INFO] APC version:  2.7.1.3
11/12/2015,11:38:01 [INFO] RDF version:  14.0.5.18
11/12/2015,11:38:01 [INFO] Real-Time Protection Version: 15.00.15.106
13/12/2015,9:48:56 [INFO] Real-Time Protection was enabled
13/12/2015,9:55:49 [INFO] Successful Cloud SDK initialization and license check.
13/12/2015,9:55:49 [INFO] The file 'C:\Users\drea\Desktop\esetsmartinstaller_enu.exe' was scanned with the Protection Cloud. SHA256 = 7F929C8C870F3DCE617AFE8BA5E022AA1C34561C4DBDE1C6EE10698E5E8B3138
13/12/2015,9:57:23 [WARNING] Real-Time Protection was disabled
13/12/2015,10:48:18 [INFO] Update process started!
13/12/2015,10:48:27 [INFO] ---------------------------------------------------------
13/12/2015,10:48:27 [INFO] Engine version:  8.3.34.88
13/12/2015,10:48:27 [INFO] VDF version:  8.12.35.242
13/12/2015,10:48:27 [INFO] APC version:  2.7.1.3
13/12/2015,10:48:27 [INFO] RDF version:  14.0.5.18
13/12/2015,10:48:27 [INFO] Real-Time Protection Version: 15.00.15.106
13/12/2015,19:29:07 [INFO] ---------------------------------------------------------
13/12/2015,19:29:07 [INFO] Engine version:  8.3.34.88
13/12/2015,19:29:07 [INFO] VDF version:  8.12.35.242
13/12/2015,19:29:07 [INFO] APC version:  2.7.1.3
13/12/2015,19:29:07 [INFO] RDF version:  14.0.5.18
13/12/2015,19:29:07 [INFO] Real-Time Protection Version: 15.00.15.106
13/12/2015,19:29:08 [INFO] Avira Free Antivirus has been started successfully!
13/12/2015,19:29:10 [INFO] Real-Time Protection configuration used:
      - Files to scan: scan files from local drives
      - Files to scan: Use file extension list: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Device mode: Scan file on open, scan file on close
      - Actions: ask the user
      - Scan archive: Disabled
      - Heuristic: Enabled
      - Win32 file heuristic: Medium detection level
      - Logfile report level: Default
13/12/2015,19:29:55 [INFO] Online services are available.
13/12/2015,19:32:14 [INFO] Avira Free Antivirus service has been stopped!
13/12/2015,19:35:19 [INFO] ---------------------------------------------------------
13/12/2015,19:35:19 [INFO] Engine version:  8.3.34.88
13/12/2015,19:35:19 [INFO] VDF version:  8.12.35.242
13/12/2015,19:35:19 [INFO] APC version:  2.7.1.3
13/12/2015,19:35:19 [INFO] RDF version:  14.0.5.18
13/12/2015,19:35:19 [INFO] Real-Time Protection Version: 15.00.15.106
13/12/2015,19:35:20 [INFO] Avira Free Antivirus has been started successfully!
13/12/2015,19:35:22 [INFO] Real-Time Protection configuration used:
      - Files to scan: scan files from local drives
      - Files to scan: Use file extension list: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP 
      - Device mode: Scan file on open, scan file on close
      - Actions: ask the user
      - Scan archive: Disabled
      - Heuristic: Enabled
      - Win32 file heuristic: Medium detection level
      - Logfile report level: Default
13/12/2015,19:35:45 [INFO] Online services are available.
13/12/2015,21:07:31 [INFO] Successful Cloud SDK initialization and license check.
13/12/2015,21:07:31 [INFO] The file 'C:\Users\drea\Desktop\esetsmartinstaller_enu.exe' was scanned with the Protection Cloud. SHA256 = 7F929C8C870F3DCE617AFE8BA5E022AA1C34561C4DBDE1C6EE10698E5E8B3138
13/12/2015,21:07:37 [WARNING] Real-Time Protection was disabled
13/12/2015,22:48:06 [INFO] Update process started!
13/12/2015,22:48:19 [INFO] ---------------------------------------------------------
13/12/2015,22:48:19 [INFO] Engine version:  8.3.34.88
13/12/2015,22:48:19 [INFO] VDF version:  8.12.36.2
13/12/2015,22:48:19 [INFO] APC version:  2.7.1.3
13/12/2015,22:48:19 [INFO] RDF version:  14.0.5.18
13/12/2015,22:48:19 [INFO] Real-Time Protection Version: 15.00.15.106
14/12/2015,0:47:57 [INFO] Update process started!
14/12/2015,0:48:05 [INFO] ---------------------------------------------------------
14/12/2015,0:48:05 [INFO] Engine version:  8.3.34.88
14/12/2015,0:48:05 [INFO] VDF version:  8.12.36.12
14/12/2015,0:48:05 [INFO] APC version:  2.7.1.3
14/12/2015,0:48:05 [INFO] RDF version:  14.0.5.18
14/12/2015,0:48:05 [INFO] Real-Time Protection Version: 15.00.15.106
14/12/2015,2:47:45 [INFO] Update process started!
14/12/2015,2:47:53 [INFO] ---------------------------------------------------------
14/12/2015,2:47:53 [INFO] Engine version:  8.3.34.88
14/12/2015,2:47:53 [INFO] VDF version:  8.12.36.26
14/12/2015,2:47:53 [INFO] APC version:  2.7.1.3
14/12/2015,2:47:53 [INFO] RDF version:  14.0.5.18
14/12/2015,2:47:53 [INFO] Real-Time Protection Version: 15.00.15.106
14/12/2015,19:14:17 [INFO] Update process started!
14/12/2015,19:14:25 [INFO] ---------------------------------------------------------
14/12/2015,19:14:25 [INFO] Engine version:  8.3.34.88
14/12/2015,19:14:25 [INFO] VDF version:  8.12.36.72
14/12/2015,19:14:25 [INFO] APC version:  2.7.1.3
14/12/2015,19:14:25 [INFO] RDF version:  14.0.5.18
14/12/2015,19:14:25 [INFO] Real-Time Protection Version: 15.00.15.106
 
END
 
Thanks again for your help.
 
Darren


#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:28 AM

Posted 15 December 2015 - 06:42 AM

Hello Darren,

How is your computer running now?

Can you post the real-time protection log on the date that Avira detected the keylogger? If it's still in Quarantine, you can check the date to see the day it got quarantined.

Regards,
Alex

#12 3drea

3drea
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 15 December 2015 - 05:03 PM

Hi Alex,

The computer seems to be still running very slow. I'm still very cautious of typing in passwords. I was considering rolling back to a restore point or completely wiping it with a new install of Windows.

There wasn't anything quarantined in Avira. I thought that the voice and warning was Avira but it must not have been since there is no log or quarantine of any kind in Avira. I can't quite remember the date that it happened, I think it was the 3rd of December, so I included the real-time logs of all of December.

Thanks for your help. We really appreciate it.

Cheers,

Darren
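
Added example, not part of any post in this thread: one way to sift a month of real-time protection log, like the one posted above, for the entries logged above INFO level and for the periods when Real-Time Protection was switched off. The sample lines are an excerpt of the posted log; the function names are this example's own, and treating non-INFO entries as the ones worth reading first is an assumption about this log format.

```python
import re
from datetime import datetime

# Excerpt from the Avira real-time protection log posted earlier in this thread.
SAMPLE = """\
11/12/2015,8:55:20 [INFO] Update process started!
11/12/2015,11:03:14 [WARNING] Real-Time Protection was disabled
11/12/2015,11:04:29 [INFO] Real-Time Protection was enabled
11/12/2015,11:05:45 [WARNING] Real-Time Protection was disabled
13/12/2015,9:48:56 [INFO] Real-Time Protection was enabled
13/12/2015,9:57:23 [WARNING] Real-Time Protection was disabled
13/12/2015,19:29:10 [INFO] Real-Time Protection configuration used:
      - Actions: ask the user
"""

# Entry header: day/month/year,hour:minute:second [LEVEL] message
ENTRY = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4},\d{1,2}:\d{2}:\d{2}) \[(\w+)\] (.*)$")

def parse_events(text):
    """Return [timestamp, level, message] entries; indented lines extend the previous one."""
    events = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d/%m/%Y,%H:%M:%S")
            events.append([ts, m.group(2), m.group(3).strip()])
        elif events and line.strip():
            events[-1][2] += " | " + line.strip()
    return events

def non_routine(events):
    """Entries logged at any level other than INFO (WARNING in the excerpt)."""
    return [e for e in events if e[1] != "INFO"]

def protection_gaps(events):
    """Pair each 'disabled' entry with the next 'enabled' one; end is None if never re-enabled."""
    gaps, off_since = [], None
    for ts, _level, msg in events:
        if msg == "Real-Time Protection was disabled" and off_since is None:
            off_since = ts
        elif msg == "Real-Time Protection was enabled" and off_since is not None:
            gaps.append((off_since, ts))
            off_since = None
    if off_since is not None:
        gaps.append((off_since, None))
    return gaps

if __name__ == "__main__":
    for start, end in protection_gaps(parse_events(SAMPLE)):
        print("real-time protection off:", start, "->", end or "end of log")
```

A service restart is deliberately not counted as re-enabling protection, because the log itself does not say so; only an explicit "was enabled" entry closes a gap.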



#13 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:28 AM

Posted 17 December 2015 - 08:34 AM

Hello Darren,

As I do not use Avira, I do not have any knowledge to guess what could have happened. Regardless, if Avira did not quarantine anything then we will leave it be.

If you wish to wipe your Windows installation and start over, I can offer my assistance in backing up and reinstalling.

Please create one last set of FRST logs for me - FRST.txt and Addition.txt.

Regards,
Alex

#14 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:28 AM

Posted 19 December 2015 - 10:34 PM

Hi there,

Are you still here with me? It's been three days since my last post.

Regards,
Alex

#15 3drea

3drea
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:06:28 AM

Posted 20 December 2015 - 08:07 PM

Hi Alex,

Sorry for the late reply.

Please find attached the new FRST scans.

Attached Files





