Need to completely reset a computer without any (current) recovery tools


73 replies to this topic

#1 Himi

    Advanced Member

  • Full Member
  • 145 posts

Posted 21 October 2015 - 08:45 AM

Hello everyone,

 

I hope someone here can help me, even if my question is probably completely stupid and might sound really inexperienced. I'm from Germany, so my English also isn't perfect, but it hopefully will be fine.

 

Because my old computer is on the verge of breaking, I have been given a used laptop as a gift. My father had bought it on vacation, so I have unfortunately no methods of contacting the original owner. When I booted it, I was shown a non-wiped hard drive also full of what I know as problematic software. As I cannot tell which installed programs are needed and which aren't - I never had an ASUS before - a complete wipe seems like the best solution.

 

The problem is that absolutely no recovery things were included. As I said, my old computer is, well, old, and I'm used to having a recovery CD for drivers and one for Windows included. If one of these things ever existed for my "new" computer but were just never given to me... I have no idea. All I found in the computer options was an "AI Recovery Burner" which allows me to create a set of DVDs for reboot/recovery, but I have severe doubts that will also include any drivers. I do not own an original Windows 7 CD, I have absolutely no documents when it comes to the new laptop so also no Key I might need for a reinstalled Windows 7... what should I do? Is formatting the hard drive/a complete reset even possible at this point? I admit I am completely lost as to how to approach this because I never had to do something like that before.

 

My new laptop is an ASUS R900V currently running Windows 7 Premium. I absolutely do not want to upgrade to another Windows version - part of why my father just bought the thing from someone he didn't know was because I was absolutely unable to find a new laptop which still came with Windows 7 installed.

 

Any help would be really appreciated! Thank you so much!



#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,529 posts

Posted 23 October 2015 - 09:00 PM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

    Forum Deity

  • Global Moderator
  • 49,139 posts

Posted 24 October 2015 - 07:31 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
I'll see what I can do.
 
Download Malwarebytes' Anti-Malware from Here
 
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
  • POST THE LOG FOR MY REVIEW.
     
    Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately.
    ===
     
    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
  • IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
    ===
     
     
    Download the version of this tool for your operating system
    and save it to a folder on your computer's Desktop.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
    ===
     
     
    How is the computer running now?
    Wait for further instructions.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in any way, please consider Donating,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #4 Himi


    Posted 26 October 2015 - 04:24 PM

    Hello and thank you very much for your answer!

     

    Before I do all that: Is there any chance of wiping the hard drive completely? There is literally everything from the former owner on there - private documents and photos and of course also software. I have no chance of identifying which software is needed by Windows and which is not and I would really prefer to start over with a clean hard drive. I have by now managed to get my hands on a Windows 7 version matching the one I need (I found a sticker with the key on the bottom of the computer) so formatting the hard drive and setting Windows up again should be possible. My problem is the drivers.

     

    If finding the drivers online is not possible, I guess trying to clean the hard drive of as much mess as possible is still the way to go, but starting over with a clean hard drive would be what I prefer.



    #5 nasdaq


    Posted 27 October 2015 - 06:55 AM

    All you need to know is here.

     

    http://windows.micro...s#1TC=windows-7

     

    If you can I suggest you print all the instructions for your guidance.


    nasdaq


    #6 Himi


    Posted 27 October 2015 - 11:22 AM

    Alright! I have formatted the hard drive now and reinstalled Windows, which worked well. But, as expected, I have run into extreme driver troubles. It took me forever, but I managed to re-install most of them, but now I'm stuck. I have two drivers left which I just can't seem to be able to install no matter what. I should also add that Windows Update finished all its work, so all updates, including the SP1 and all security updates, are installed. The sole exception is that horrible Windows 10 thing - I didn't download that update since I didn't want my computer nagging me with that white flag in the taskbar to upgrade.

     

    In the device manager, these two drivers which are still labeled with that yellow exclamation mark are labeled "Ethernet-Controller" and "USB-Controller". I have downloaded the appropriate drivers from the ASUS website, but encounter the following issues:

     

    - For the USB-Controller: Installing the driver through its setup.exe works (as in the installation finishes), but does absolutely nothing. The exclamation mark doesn't vanish, USB is still not working. Using the device manager to try to install the driver by letting it do it manually gives me the message that there was no fitting driver found in the folder. Letting Windows search for fitting drivers online gives me a message that no drivers could be found (but yes, internet works already).

     

    - For the Ethernet-Controller: Installing the driver through its setup.exe gives me, in the middle of the installation process, an error message. It simply says "FindFile failed". However, the installation does finish then and tells me it found everything. Obviously a lie as again, nothing changes in the device manager and the exclamation mark remains. Running setup again and choosing the "repair driver" option repeats the same process. Just like with the other driver, using the device manager to try to install the driver by letting it do it manually gives me the message that there was no fitting driver found in the folder. Letting Windows search for fitting drivers online gives me a message that no drivers could be found.

     

    Obviously I especially need USB really badly to a) finally use a mouse so that I can stop struggling with the touchpad and b) can use my external hard drive to transfer data from my old computer. So I really would appreciate it if I could get help with these two drivers. The Ethernet-Driver is labeled simply as "Realtek LAN Driver" on the ASUS website while the USB one is called "Intel USB3.0 Driver". There is a second USB driver available on the ASUS website called "AsMedia USB3.0 Driver" and of course I tried that one, too, but it doesn't come with a setup.exe and the device manager also doesn't find what it needs in there if I specify that folder for driver search.


    Edited by Himi, 27 October 2015 - 11:27 AM.


    #7 Budfred

      Malware Hound

    • Administrators
    • 21,375 posts

    Posted 27 October 2015 - 12:37 PM

    I apologize for the intrusion...  I just recently built a new computer and needed to set up the OS on both the new one and the old one...  I am assuming you are using Win7 - is that correct??  If so, it should automagically install all of the drivers that you need without having to search for them...  Have you plugged your USB mouse into the computer and attempted to see if you automatically get the driver?? 

     

    The exclamation mark may be that it installed a driver that was incorrect...  Try to remove that driver and see what happens...  I would do the same with the USB driver and then plug in the mouse...  It is generally a better idea to rely on the automagic install of drivers than to find them from the web site if possible...  If there is a driver in place, the automagic install from Windows Update will not override and you can get stuck with a bad driver...  I had install disks for my mainboards, so I was able to install a bunch of drivers that way, but I removed them and let Windows do it if there was a problem with any of them...

     

    For the Ethernet driver - since you have Internet access, it appears that you do have a valid driver installed...  I would create a backup Restore Point before proceeding with deleting the Ethernet driver in case it is the only driver and removing it blocks access to the Internet...  If that happens, restore the latest Restore Point and you should get your Internet back... 

     

    On another note - I am using Win 10 on the new computer and it certainly is a pain in some ways...  It starts with the assumption that the user is an idiot so you lose control over Windows Updates, but it has the advantage that it will be supported for a much longer time than Win 7...  Once you do some tweaking, it can be decent...  I keep Win 7 on my older computer because I need Windows Media Center to run my TV services...  Once  I switch to Internet based services in about a year and a half, I will either keep that one as a backup computer or upgrade it to Win 10 (or whatever might be available then)...  If you really don't want that nag ad for Win 10 - you need to "hide" the update that includes it or it will keep trying to install again... 


    Budfred

    Helpful link: SpywareBlaster...

    MS MVP 2006 and ASAP Member since 2004

    Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

    #8 Himi


    Posted 27 October 2015 - 01:17 PM

    Thank you for your reply! I am indeed using Windows 7 Home Premium!

     

    I have plugged in my USB mouse. What happens then is that I get another exclamation mark (called USB Mouse) and nothing else happens. As the mouse worked perfectly fine before the wipe and also works fine on my old computer, it's definitely a USB issue. Same problem with the hard drive. It appears the so-called USB-Controller is more of a general thing and each USB device adds another exclamation mark. (I obviously don't know much about these things, sorry if I seem completely stupid). If I tell the computer to uninstall something with an exclamation mark it tells me it will remove that thing permanently. Do I want that? I don't even know what exactly these things are; they were there from the start, so I dunno how to get them back, so to speak.

     

    As for the Ethernet driver, the ASUS website offered a LAN and a WLAN driver. Once I installed the WLAN driver, internet started to work and some other exclamation marks vanished. I started with all of the following: USB-Controller, SM-Bus-Controller, USB2.0-SRW, Ethernetcontroller, Networkcontroller, PCI-Communicationscontroller (Translated from German to English) and got rid of all of them except for my two stubborn ones. Shall I proceed with deleting the Ethernet driver? (I admit I don't even know what it is for. I just want everything installed so that I can make some recovery disk of the whole computer so that I never have to get through all that trouble again if I ever need to reinstall things once more).

     

    As for Windows 10, thank you for your advice but I am already using some programs which make Windows 7 look like Windows 98 (as in the start menu and the taskbar and all that stuff). I am not a fan of any of the new designs and change things to heavily classical looks instead. It took me months to find everything I needed to make Windows 7 look "nice" again and I don't want to do it all over again.



    #9 Budfred


    Posted 27 October 2015 - 01:55 PM

    Yes, delete the marked drivers completely...  What you are likely to find is that they will be reinstalled by Windows almost immediately, so the "permanently" is really very temporary...  If they aren't promptly reinstalled, do a reboot and they probably will be then...  Make sure you have the mouse plugged in during the reboot...  If you run into trouble, use the latest Restore Point...  However, it is unlikely that you will need that since Windows is designed to do most of it without much user intervention these days... 

     

    And yes, the USB controller manages a lot of stuff...  If you completely remove it, Windows will promptly reinstall it because of that...  Do not attempt to install one that you downloaded from ASUS unless nothing else will work...  If you have the specific drivers for that particular computer, it might be worth it initially, but it is likely that you would need it updated anyway...

     

    It isn't stupid to not know this stuff - the average user rarely has to deal with it and that is even more the case now that so much is automatic...

     

    If you are trying to keep things looking like Win 98, you would REALLY HATE Win 10!!  You will probably eventually need to learn how to use newer versions since Win 7 will no longer be supported in a few years and it will become less capable of running a lot of software as Windows evolves... 


    Budfred


    #10 Himi


    Posted 27 October 2015 - 02:29 PM

    Okay, uninstalled things, rebooted and they were back indeed - however, they still both have the exclamation mark and there was one of these "speech bubbles" on the bottom right corner for a second after the reboot which first said something about installing and then that installation has failed. So no changes at all. Letting Windows search for drivers still yielded no result and for both the message that no drivers could be found.

     

    Also... I suddenly got a screen that my Windows key cannot be used and that I need to phone or use a different key or something? I am confused. It went away after the reboot, but I am quite a bit frightened now. Did I do something wrong during the formatting?

     

    I do like all the "new" functions of Windows 7 (it's not really new anymore, after all...), but I absolutely hate the design and adjust things on the visual front. I never used later versions of Windows, but I will take your word for it that I'll hate them. But hopefully, when I have to switch one day, there will be things available to make Windows 10 look more simple again as well.



    #11 Budfred


    Posted 27 October 2015 - 03:14 PM

    When you got the drivers from ASUS, did you get them specifically for the model of laptop that you have??  If you specify that model, it should get you to the downloads that would have been on the original install disk...  It is possible that you will need that, although that would be unusual...  It could be an issue with Windows not being fully activated - some Update features don't work if it isn't updated...  Also, in Windows Update, make sure it is set to allow updates from things other than Windows...  Also, have you used the Update Driver option in Device Manager and let it search the Internet for the appropriate driver??

     

    For the issue with the Windows key - call them and explain the situation...  Sometimes there is an issue with activation and it is simply a matter of sorting it out with them on the phone...  If you are using the install that came with the computer and the key that was valid at the time, it should still be valid, but they may need to manually activate it... 

     

    I usually tweak Windows to provide more information and that usually means looking more like classic versions...  I have found that it is difficult to do that in Win 10, but I have only been dealing with it for a few weeks...  I find that it is difficult to find a lot of things that used to be easy, so that is frustrating...


    Budfred


    #12 Himi


    Posted 27 October 2015 - 03:23 PM

    Yes, I got the drivers specifically for the laptop model I have. They let you specify that on their website, though I found it very lacking in explanation (as they sometimes have three or more different drivers listed and no word if I need them all or something). And these were indeed the ones I tried to install and the result were the error message (for the Ethernet one) and the installed-but-not-changing-anything driver for the USB one. Also Windows found other drivers through its updates, though. And yes, I used the Update Driver option to look for drivers online and also the "look on computer" option to have the device manager look into the folder where I keep the downloaded drivers.

     

    What exactly does "the install that came" mean? There were absolutely no recovery disks at all, so I downloaded an ISO of Win7 matching the version named on the sticker and then entered the key from the sticker when it asked me to do that. Was that wrong? That's what my friend advised me to do since I obviously needed to get my hands on a version of Windows 7 somehow.

     

    Windows 10 sounds.... yeah, difficult. I hope that by the time Windows 7 support ends things might have changed on that front so that a change will be easier for me. I like my small, square taskbars without any distracting round buttons and stuff like that.



    #13 Budfred


    Posted 27 October 2015 - 05:05 PM

    What exactly does "the install that came" mean? There were absolutely no recovery disks at all, so I downloaded an ISO of Win7 matching the version named on the sticker and then entered the key from the sticker when it asked me to do that. Was that wrong? That's what my friend advised me to do since I obviously needed to get my hands on a version of Windows 7 somehow.

     

     

    Most computers which come with Windows pre-installed have a hidden partition with Windows in it...  If you totally wiped the drive, including removing the hidden partition, you wiped that out too...  However, if you only reformatted and/or wiped the boot drive section, you may still have the original version installed...  If you downloaded an ISO of Win 7 from some site other than MS, you could easily have a corrupted version and it may even come with malware already installed...  Windows has software to detect if it is a legitimate version, so that could be why you are having trouble getting it activated and why the drivers are not loading properly...  If you go to Administrative Tools - Computer Management - Disk Management, you will be able to see if there is a hidden partition...  If there is, there is also a way to create install disks from that partition and to then install the version of Windows that came with the computer...  It is likely that it will then activate properly using the key that is on the computer...  It may also then update properly, especially since drivers for that computer are probably in that hidden partition...  You may need to search MS Knowledgebase about how to use the partition - I always build my own systems and install Windows from disks, so I haven't actually done the partition based install...

     

    This article will give you a clearer idea of the issue:

     

    http://www.computerh.../h/hiddpart.htm

     

    Here are some pages I found about the issue with a quick Google search:

     

    http://answers.micro...2b36c4d5?auth=1

    http://www.sevenforu...y-settings.html

    http://www.sevenforu...ption-pick.html

     

    As for the ASUS website being confusing, my old mainboard is ASUS and I have struggled with their vague download site a number of times...  :ugh:


    Edited by Budfred, 27 October 2015 - 05:06 PM.
    To remove reference to YouTube sites...

    Budfred


    #14 Himi


    Posted 27 October 2015 - 05:21 PM

    It had indeed the hidden partition, but I erased it since I didn't want any of the pre-installed ASUS-crap and had a clean version of Windows at hand. I did know what I was doing when I formatted the recovery partition and did it on purpose. Well then... maybe that wasn't very smart of me, but I really wanted a clean version of Windows and nothing of the additional software the companies force upon me. Uhm... what now? Do I actually have to buy a Windows 7 now? I really don't have the money for that...

     

    I downloaded the ISO from a very famous German computer website (It's called Winfuture, no idea if an English version exists), so I would think that the ISO is legal. I burned it on DVD using the official tool from Microsoft (Win 7 USB DVD Download Tool) and that went without a problem, either. Not sure if that says anything, though. The only thing which confused me is that the ISO came with SP1 installed when it was said everywhere on German websites that this version of Windows (Home Premium 64-bit) doesn't come with pre-installed SP1. I guess that should have been a telltale sign that something was wrong... Uh, what do I do now? I have to do everything again after getting a good ISO from somewhere, right? But from where?



    #15 Budfred


    Posted 27 October 2015 - 06:07 PM

    There is no legit site to download Windows other than Microsoft...  Even the sites that would sell a legit download would probably simply redirect from MS to allow the download after you pay for it...  That means that any copy that you download from another site is going to have the potential of being corrupted and/or infected and MS is likely to detect it as a bootleg...  They are very invested in stopping piracy, so they work hard to block it...  Since you deleted the backup version, you could contact ASUS about getting another backup using the key that you have to verify that you are entitled to it...  They are really hard to work with, but they may be willing to do it if you can establish ownership of the laptop...  It is fairly easy to remove most of the junk that they install by default and you can probably block some of it getting installed by using the "custom install" option when you install Windows...  If you don't manage to do all of this, you will be unable to do most updates for Win 7 and may have other limitations since it won't be activated...  Since it isn't a legit copy, calling MS will simply result in them telling you to get a legit copy, so it is probably not worthwhile to do... 

     

    And yes, it is probably not a good idea to remove that hidden partition unless it is for a truly obsolete version of Windows...  I have removed it when wiping drives prior to recycling them and I did when setting up a laptop for a friend's grandchild with a much more advanced version of Windows than what was on the original, but otherwise I leave it alone even if I install another version of Windows...  At this point, it is too late...  However, if you get another copy from ASUS, you will likely get the hidden partition established again and I suggest holding on to it...


    Budfred

    Helpful link: SpywareBlaster...

    MS MVP 2006 and ASAP Member since 2004

    Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
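
The concern raised in posts #13 and #15 about install media downloaded from a third-party site can be checked before burning: compare the file's SHA-1 with a reference value obtained from a source you trust. This is an added example, not part of the original thread; the function names are hypothetical, the sample file is constructed, and the code avoids `Get-FileHash` so that it also runs on the PowerShell 2.0 included with Windows 7.

```powershell
# Added example, not from the thread. Written for PowerShell 2.0 (Windows 7),
# which has no Get-FileHash cmdlet, so the hash is computed through .NET.

function Get-Sha1Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Resolve to a full path: .NET does not follow PowerShell's current location.
    $full   = (Resolve-Path -LiteralPath $Path).ProviderPath
    $sha1   = New-Object System.Security.Cryptography.SHA1CryptoServiceProvider
    $stream = [System.IO.File]::OpenRead($full)
    try {
        # ComputeHash(Stream) reads in chunks, so a multi-gigabyte ISO is fine.
        $bytes = $sha1.ComputeHash($stream)
    }
    finally {
        $stream.Close()
    }
    return [System.BitConverter]::ToString($bytes).Replace('-', '')
}

function Test-FileSha1 {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Expected
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    # Reference hashes are often printed with spaces, colons or in lower case.
    $want = ($Expected -replace '[\s:-]', '').ToUpper()
    if ($want -notmatch '^[0-9A-F]{40}$') {
        throw 'Expected value is not a 40-digit SHA-1 hex string.'
    }
    $got = Get-Sha1Hex -Path $Path
    New-Object PSObject -Property @{
        Path     = $Path
        Expected = $want
        Actual   = $got
        Match    = ($got -eq $want)
    }
}

# --- Constructed demonstration: a temp file containing the three bytes "abc" ---
$tmp = [System.IO.Path]::GetTempFileName()
[System.IO.File]::WriteAllText($tmp, 'abc')     # UTF-8 without BOM: exactly 61 62 63

# The well-known SHA-1 test vector for "abc", written with spaces and lower
# case on purpose to show the normalisation.
$good = Test-FileSha1 -Path $tmp -Expected 'a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d'
# A constructed wrong reference value: the comparison must report a mismatch.
$bad  = Test-FileSha1 -Path $tmp -Expected ('0' * 40)

$good, $bad | Select-Object Match, Expected, Actual | Format-List
Remove-Item -LiteralPath $tmp

# For real media, pass the downloaded file and the reference value.
# Both arguments below are placeholders:
#   Test-FileSha1 -Path 'C:\path\to\downloaded.iso' -Expected '<SHA-1 from the publisher>'
# A match only shows the file is identical to what the reference describes,
# so the reference has to come from the publisher, not from the download page
# of the same third-party site.
```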

    #16 Himi


    Posted 27 October 2015 - 07:03 PM

    As it was a private sale and the laptop didn't come with any papers from the store it was originally from, I don't think I have anything except for the key of the Windows version, which is probably not enough to prove anything to ASUS.

     

    Before I erased and formatted everything, I however did something - there was something called "AI Recovery Tool" installed before I formatted the hard drive and since I had no clue about ISOs at that point, I used that program and it wrote five DVDs of... something. I don't know exactly what it did, though, but could these DVDs be of any use? I didn't pay any attention to them anymore after I got the Windows ISO, but I still have them.

     

    What exactly does it mean to not do all updates of Windows? Because I ran the Windows Update and installed literally everything except for the Windows 10 thing and didn't run into any trouble. It's really only the two drivers being stupid at this point. Don't get me wrong, I definitely don't want to do anything illegal! But really... this is all stupid, back in the days computers came with recovery disks and you just needed to install everything from them and today it's such a hassle!



    #17 Budfred


    Posted 27 October 2015 - 07:18 PM

    You also have the laptop itself and, if you look carefully, probably a tag with the serial number and/or more information...  I suggest checking out the ASUS site to see what options they have...  Since ASUS sold it with that key and probably has record of that, it is quite possible that it will be all that you need along with the model number...  Most people don't keep any of the paperwork anyway... 

     

    I know ASUS has an AI program that does a bunch of different things, so it is possible that it created install disks...  However, if you created it through Windows, it could have brought along some of the malware that was on the computer originally...  As long as "Autorun" is disabled, you could check them to see what is on them - you are at least likely to have drivers on them...  If you want to be safer, boot using a program that will allow you to look at the contents without entering Windows - I have a couple of different programs that can do that - usually called "system recovery" or something like it...  You can also download a variety of programs that will do it...  Of course, if ASUS gets you a fresh copy of what was on the hidden partition, none of this will matter...

     

    I think Win 7 lets you do a bunch of updates before the activation is complete...  However, it will eventually block updates if not activated, particularly security updates if I remember correctly... 


    Budfred


    #18 Himi


    Posted 27 October 2015 - 07:32 PM

    Oh my gosh, this is all so much more work than I thought it would be. All I wanted was a clean hard drive... I just checked the ASUS website and they offer a program if needed which is to be used together with the recovery partition, but that's seemingly it. Wonderful.

     

    Well, Malware can at least be removed... seriously I just want a working computer at this point without having to pay ASUS or MS tons of money. So I suppose I have to see what's on the disks. There's five of them in total, so any instructions/programs to help see what's on them would be very much appreciated. I'm really grateful for all the help; I would have never imagined this would turn into such a hassle and time-consuming thing.



    #19 Budfred

    Posted 27 October 2015 - 08:51 PM

    The simplest way to check the disks is to make sure that "Autorun" is turned off in Windows and look at them with Windows Explorer...  I am not up on what programs are available for download that you can use to read them from a boot disk, but I know they are out there...  I use System Suite which I bought years ago...  If I were looking for one now, I would probably go to Cnet or a similar download site, but note that none of them will guarantee that download programs are clean...   If you don't know how to boot to a flash drive or optical disk, here is ASUS on that:
     

    http://www.asus.com/...D1/?keyword=faq

     

    I wasn't able to find any info for ASUS R900V on their site...  You can get a copy of Win 7 for about $80 US and given that you probably deleted your existing legit copy, that might be your best option if you don't have a usable version on those recovery disks that you made...

     

    Another option is that you could see if you can boot to the first recovery disk that you made and whether it gives you the option of reinstalling Windows...  It is very likely that all of your drivers are on those disks...


    #20 Himi

    Posted 28 October 2015 - 11:07 AM

    Okay I talked to ASUS people and yeah, no warranty + no paperwork = no chance of me getting anything. As easy as that - here in Germany the paperwork from when the computer was bought in the store is absolutely required. No chance at all without it to get anything out of the ASUS people otherwise.

     

    I have absolutely zero idea how to turn Autorun off. Any help with that? I could then look at them with my old computer I'm using right now; at least this one has full antivirus protection installed anyway so basically nothing bad should happen malware-wise no matter how much I mess up, haha.

     

    The model I have is listed as ASUS R900VM on their website; the sticker on mine just says R900V, but I looked at the packaging and it said R900VM there and that's something at least listed in the driver section.



    #21 Budfred

    Posted 28 October 2015 - 12:00 PM

    Here is information about AutoPlay and AutoRun in Windows - it looks like you just need to disable AutoPlay to keep things from running automatically...

     

    http://windows.micro...lay-and-autorun

     

    This is about disabling AutoPlay:

     

    http://windows.micro...s#1TC=windows-7

     

    Hopefully those disks contain the programming that you need to restore the whole system...


    Budfred

    Helpful link: SpywareBlaster...

    MS MVP 2006 and ASAP Member since 2004

    Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"
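
    As an added example (not part of the original posts and not Microsoft's or ASUS's own tooling), this read-only PowerShell script reports whether AutoRun and AutoPlay are actually off before an unknown disc goes into the drive. It reads the standard NoDriveTypeAutoRun policy value and the per-user DisableAutoplay setting; the function names are hypothetical, and it assumes that a NoDriveTypeAutoRun value in HKLM overrides the one in HKCU.

```powershell
# Added example: read-only check of the AutoRun/AutoPlay settings (changes nothing).
# Function names are hypothetical; written for the PowerShell 2.0 that ships with Windows 7.

$PolicySubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$AutoplayKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'

# NoDriveTypeAutoRun is a bitmask: a set bit turns AutoRun OFF for that drive type.
$DriveTypeBits = @(
    @{ Bit = 0x04; Name = 'Removable (USB stick, card reader)' },
    @{ Bit = 0x08; Name = 'Fixed disk' },
    @{ Bit = 0x10; Name = 'Network drive' },
    @{ Bit = 0x20; Name = 'CD/DVD' },
    @{ Bit = 0x40; Name = 'RAM disk' }
)

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    $value = $item.$Name
    # The policy is sometimes stored as REG_BINARY; the first byte carries the mask.
    if ($value -is [byte[]]) { return [int]$value[0] }
    return $value
}

function Get-AutoRunStatus {
    # Assumption: the machine-wide value (HKLM) wins over the per-user value (HKCU).
    $source = 'HKLM'
    $mask = Get-RegValue -Path "HKLM:\$PolicySubKey" -Name 'NoDriveTypeAutoRun'
    if ($mask -eq $null) {
        $source = 'HKCU'
        $mask = Get-RegValue -Path "HKCU:\$PolicySubKey" -Name 'NoDriveTypeAutoRun'
    }
    if ($mask -eq $null) { $source = 'not set' }

    $rows = @()
    foreach ($entry in $DriveTypeBits) {
        if ($mask -eq $null) {
            $state = 'No policy value (Windows default applies)'
        } elseif (([int]$mask -band $entry.Bit) -ne 0) {
            $state = 'AutoRun disabled'
        } else {
            $state = 'AutoRun NOT disabled'
        }
        $rows += New-Object PSObject -Property @{
            DriveType = $entry.Name
            State     = $state
            Source    = $source
        }
    }
    return $rows | Select-Object DriveType, State, Source
}

function Get-AutoPlayStatus {
    # DisableAutoplay = 1 matches an unchecked "Use AutoPlay for all media and devices" box.
    $value = Get-RegValue -Path $AutoplayKey -Name 'DisableAutoplay'
    if ($value -eq 1) { return 'AutoPlay is turned off for this user' }
    return 'AutoPlay is still ON for this user'
}

# Show the per-drive-type AutoRun policy, then the AutoPlay switch.
Get-AutoRunStatus | Format-Table -AutoSize
Get-AutoPlayStatus

# The recovery DVDs in this thread are optical media, so the CD/DVD row is the one that matters.
$cd = Get-AutoRunStatus | Where-Object { $_.DriveType -eq 'CD/DVD' }
"CD/DVD: " + $cd.State + " (source: " + $cd.Source + ")"
```

    Run it in a normal PowerShell window on the machine that will read the discs. If the CD/DVD row is not disabled and AutoPlay is still on, switch AutoPlay off as described in the linked Microsoft pages and run the script again.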

    #22 Himi

    Posted 28 October 2015 - 01:04 PM

    Okay, awesome! Thanks so much!

     

    I just opened the first of the five disks in Windows Explorer and took a look. There are three folders called "Boot", "EFI" and "Sources". Also there are several other things - an .exe called "imagex", a .txt file called "BurnEngine" which I opened - it just contains the text "MS IMAPI2". There also is a file called bootmgr and a REALLY huge thing called AsusRdvd. Its type is called "disk image file" or something like that (it's in German). There's of course more stuff in the folders (like more folders), but maybe you can already tell me if this is something I could/should try using? I don't want to break more things than I already have, so I figured I better ask.



    #23 Budfred

    Posted 28 October 2015 - 01:17 PM

    If there is an executable file that looks like it would open a program that might contain the restore options, I would try opening that...  It might be autorun.inf or it could be a setup file...  It seems likely that your Windows is in there and if you created it from the hidden partition, it is probably not infected...  From the options you listed, I can't tell which one is likely to be the one you need...  The AsusRdvd file is likely the primary image which contains Windows, so it is a matter of figuring out how to open it...  It may simply be a matter of booting with the disk in the drive so that it will boot to it...  Here is a discussion that might help:

     

    http://forums.anandt...d.php?t=2264542


    #24 Himi

    Posted 28 October 2015 - 02:19 PM

    Okay I just tried everything. Booting with the DVD in the drive did nothing (and I think it should have, since I had set the BIOS to boot from there first when I formatted the hard drive). There also seems to be no autorun function, so I started clicking on things. First the "imagex" thing, which opened one of these MS-DOS-like windows for a split second. No chance to read what was written there, but then it closed and that was it. I found another file called "etfsboot" in the "boot" folder, labeled as an MS-DOS-executable file and when I tried clicking on it, I got an error message telling me that this version is not compatible with the currently running operating system and also mentioned the 64-bit and 32-bit thing. It closed after the error message. I'm confused now as both the old version before the formatting and the one from the ISO are 64-bit. Not sure what else to do, I didn't find any other executable files.



    #25 Budfred

    Posted 28 October 2015 - 05:23 PM

    If it loads the system from boot, it makes sense that the executables would not run from Windows...  It would determine that Windows is already installed and cancel any attempt to install...  I suggest that you boot to your BIOS settings and see if you can use the recovery option mentioned for ASUS to then use the disk to do the recovery...  I am afraid that I haven't done that, so I am not exactly sure how it is supposed to go, but it is unlikely that it would hurt anything to try it...  It sounds like you know how to boot to the BIOS settings and you may want to review the pages about using ASUS recovery before you start...


    #26 Himi

    Posted 28 October 2015 - 07:45 PM

    Actually all I know is how to open BIOS and change the settings of what gets checked first (so it tries to boot from CD-ROM drive first and then from hard drive). I did that with a step-by-step explanation of my German friend because I don't even know what BIOS is. I am not sure what else can be done in BIOS, really (or what exactly you are asking me to do. Boot the DVD from BIOS or something? Maybe it's just my bad English, but it's probably more like the fact that I don't understand what BIOS is. I can follow instructions, but I am lost on my own, haha). Also the recovery mentioned by ASUS did in no way involve the disks or the program I made them with; they involved a different program which somehow gets access to the recovery partition of the hard drive. So ASUS doesn't help me there, unfortunately.

     

    I'm really sorry for causing you so much trouble and being so helpless! Thank you so much for helping me, you are probably very frustrated with me because I have no clue what is going on most of the time.



    #27 Budfred

    Posted 28 October 2015 - 11:17 PM

    The only frustration I feel is the one I have experienced for many years - that I can't sit in front of your computer and look through the disks and other issues myself...  I have generally worked my way through these kinds of things by doing some research, trying things and following directions from others when I have gotten stuck...  Everyone starts at different points and you are far more advanced than many others... 

     

    As for what might be in the BIOS to help with this recovery, I would just look through each setting with an emphasis on things that say anything about recovery to see if you can find a way to access the disks through the BIOS...  I would probably also take a look at each disk and see if any of them have something that looks like it might start the install...  I would probably rotate through them and see if any of them will boot when rebooting the system...  The file called AsusRdvd will probably have the ending .001 if it is the correct starting disk...

     

    Here is a guide describing how to use the disks to restore something called a G75, but I think the details apply to the disks for any system...

     

    https://rog.asus.com...-to-Restore-G75

     

    I am not able to see the jpg of the page you reach when you press ESC at boot, but I suspect it will be evident once you find it...  If it isn't, please write down the options and post them here so I can see what might work to go on with the install...  Based on that page, it seems pretty likely that you have what you need there, it is just a matter of figuring out how to get it going...


    #28 nasdaq

    Posted 29 October 2015 - 07:07 AM

    Budfred

     

    ASHUIJK has also posted in this forum.

     

    http://www.spywarein...-everything-up/

     

    Post no 16 which I have edited.


    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in any way, please consider Donating,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #29 Budfred

    Posted 29 October 2015 - 10:10 AM

    Budfred

     

    ASHUIJK has also posted in this forum.

     

    http://www.spywarein...-everything-up/

     

    Post no 16 which I have edited.

    I deleted the post in this topic as well...


    #30 Himi

    Posted 29 October 2015 - 01:36 PM

    Oh wow, I think I did it (maybe)! I checked BIOS and for some reason it had switched back to booting from hard drive first after I had formatted the hard drive. I changed it back to boot from disk and then the recovery program started. It told me it found out I had changed partitions and that it could help with recovering hidden partitions and would also format my hard drive. I told it to go forward with it, it spent one hour going through the process of all five disks.

     

    When it was done, it gave me three options and that's where I'm stuck now. I have the options "Restore Windows only on the first partition", "Restore Windows only on the complete hard drive" and "Restore Windows only on the complete hard drive with two partitions". I am completely confused what option I should choose. The computer came with a C and a D partition, with D being almost completely empty except for a few personal pictures of the former owner. Everything else was on C. I am fine with having only one partition, even though I like keeping only the OS on C and everything personal on D, to be honest. But the main point is of course that I want to restore the recovery partition. I am not sure which option is correct - the word 'only' in all of them confuses me a bit. Any advice?


    Edited by Himi, 29 October 2015 - 01:37 PM.


    #31 Budfred

    Posted 29 October 2015 - 02:23 PM

    There was another person who ran into the same dilemma in a forum topic I read a couple of days ago...  That person chose the first option and said it worked fine...  I think you could choose any of them and change it later if you want...  If it were me, I would probably take the first one...  It may ask you how much to allocate to the Windows drive and I would give it enough to make sure it has room to function and leave enough for your personal data on another partition...  If the other partition isn't already there, you will be able to create it in the unallocated space...  If it doesn't ask you to specify how much to use, I think you can still make a smaller partition later...  I don't know how big your drive is - I would allow at least 40 gig for Windows and more if the drive is big enough...  Keep in mind that most programs that you will want to install will want to go on that drive...


    #32 Himi

    Posted 29 October 2015 - 03:51 PM

    Okay, I took the first one and things look pretty good! The computer needed a long time to prepare and everything, but then asked me to provide my name and a name for the computer and now that it booted and gave me access to the desktop there's not the "normal" default Windows background but an ASUS one. That probably means things are fine now? There are also no yellow exclamation marks in the device manager!

     

    ...Though of course, there is also lots of crap now. There are 76 (!) installed programs and so many folders that I am not sure anymore if I have really a "clean" laptop or if the stuff from the former owner got restored as well. I see Bing bar, which already annoys me, as well as tons of games, an Antivirus program and stuff like that. I... want to get rid of all that stuff. Is there a way I can figure out what's necessary and what can be erased?

     

    The good news (hopefully) is that there are still two partitions. C is 400 GB now, with 50GB taken up by all the installed stuff. D is 505 GB now and I think that was what it was before as well. Because the whole hard drive is 1TB, that maybe means that the rest is the hidden partition which has been restored? Is there any way I can check if it has come back again?



    #33 Budfred

    Posted 30 October 2015 - 01:20 AM

    It sounds like you have activated the ASUS shell program...  I don't remember how to disable it, but I believe it involves disabling it in the BIOS or while the system is booting up...  I would start with the BIOS and look for anything about startup behavior - choose to disable if it has the option of booting to ASUS (I don't remember what it is called)...  I didn't even know that it existed until I was helping people set up some ASUS netbooks and a bunch of them ended up allowing it to install and set up... 

     

    After you get to actual Windows, I suggest you go to Programs and Features in Control Panel and simply start removing programs that look unlikely to be ones that you would want...  If you see anything suspicious, write down what it is and post it here so I can tell you whether it might be malicious...  If the antivirus program is already active - that is unusual and means that it is somehow default...  Usually the original install will have a "trial" version of some program and you have to activate it to actually use it...  If you can't remove Bing with an uninstall, there are other ways to deactivate it...  Windows does come with a pretty substantial pile of games and ASUS throws some more in there...  I deleted most of them when I started using an ASUS system...  You can turn games off in Windows default programs through the Programs and Features window...  In general, if you list what programs are there, I can give you a pretty good idea of what they are and whether they are needed...  It is VERY unlikely that the old stuff was reinstalled since that usually isn't what would go into a recovery disk, but I am not certain...  If you made the disks from the infected computer, it is possible that existing programs were backed up...  Once you give me an idea of what is on there, I will have a better idea of what is going on...  In the meanwhile, don't input any sensitive information in case it is infected... 

     

    If you go to Administrative Tools - Computer Management - Disk Management you can see if there is a hidden partition - it will probably say something like: System information...  I think the only way you can see what is actually in there is by looking at what is there through a program like what I described earlier - one that allows you to boot to it and then explore what is on the computer...

     

    There may be another way to look at it...  Here is an article about how to view that partition on HP computers and I suspect it would generally apply:

     

    http://science.oppos...tions-9441.html

     

    Note that if you do find it and can see it, it is probably just one big file, possibly with that .img ending...


    #34 Himi

    Posted 30 October 2015 - 02:12 PM

    I am not sure what a shell program is... it looks like normal Windows (it has the taskbar and the start menu and everything) but there's just lots of other stuff around as well. Really weird. In BIOS, I cannot find anything related to ASUS at all. However, there is something called "Launch EFI filesystem device" under the "Save & Exit" options, but it's nothing that can be toggled on and off. It just says in the description "Try to Launch EFI Shell application (Shellx64.efi) from one of the available filesystem devices". That's the only thing that has the word "shell" in it there; under the boot options are just the option if it should try to boot from disk and in which order to boot things. I found nothing available to press during startup.

     

    As for all the programs, is it allowed to link to images here? Because there are so many, even after me removing all the games... if I have to write them all down I will sit here for a long time haha. But I will if I have to. In case it's okay, here are the images: 1, 2, 3

     

    Yeah, I needed three screens to get them all... also it came with Google Chrome (which I kicked because I hate Chrome), which I found also odd. The security program tells me I have a running subscription... I am wary of that. But if maybe everything was restored then it might be? No idea.

     

    I couldn't find wherever the administrative tools are (likely they're just called something different in German), but I followed the instructions of the link and no recovery partition was shown. Other hidden files were displayed, so I think I did it correctly, though.



    #35 Budfred

    Posted 30 October 2015 - 04:05 PM

    A shell is a program that is usually installed over the main program to provide another interface...  Some of the programs you have used to make Win 7 seem like Win 98 are probably shells...  ASUS has one that can do most of what Windows does, but with a big emphasis on ASUS brand...  I don't remember exactly what it is called, so I haven't been able to find the info on disabling it in Google...  The "Launch EFI filesystem device" option is not what you need, especially since you don't want it to load... 

     

    I have my computer heavily armored and can't read your files on Photobucket...  However, you can post pictures directly in the forum by using (if I remember) png or tiff files...  When posted in the forum, I can blow them up to make them readable as well...  Another and probably simpler option would be to run DDS and post that log so that I can see what you have - this makes it more likely that I would find malware if it is there...

    The fact that you have Google Chrome with some sort of subscription on the security program does suggest that you may have imaged the entire existing drive and got all the dreck along with Windows...

     

    You might need to rebuild a hidden partition...  Unfortunately, I am not even sure you are allowed to do so since it is supposed to still be there from the original builder...  What I suggest is to clean up the install that you have - pare it down to the minimum that you want and then make another set of recovery disks - hopefully less than 5 this time...  Of course, for future reference - I suggest that you don't delete the hidden partition if you get another computer... 


    #36 Himi

    Posted 30 October 2015 - 08:41 PM

    Well, sounds like I indeed have that then... but I can't find out how to get rid of it. It's annoying, though.

     

    I ran DDS, let's see if this is enough or if additional pictures will be better. Here is the result of the DDS. Note that the only thing I have done so far was uninstalling all games which came with the laptop (not the Windows-games, just the ones ASUS put on; I knew them since my old Acer had them all as well...).

     

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Sheba at 2:34:17 on 2015-10-31
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8078.2751 [GMT 1:00]
    .
    AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\FBAgent.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
    C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\AsScrPro.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Elantech\ETDGesture.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
    C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Windows\system32\UI0Detect.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://asus.msn.com
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{82CB53FE-5D4E-42D0-8208-7770DDA827AA} : DHCPNameServer = 192.168.2.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://asus.msn.com
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-29 16152]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-8-15 771536]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-8-15 340216]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2015-10-31 28992]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2015-10-31 379520]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-17 277120]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
    R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
    R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2015-10-31 128280]
    R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2015-10-31 161560]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2015-10-29 103472]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
    R2 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-2-24 241456]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-2-24 218760]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-2-24 182752]
    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2015-10-31 363800]
    R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2015-10-31 17152]
    R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2011-12-21 35968]
    R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2011-11-8 16512]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-8-15 70112]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-29 200488]
    R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-29 331264]
    R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-29 356120]
    R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-29 788760]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-8-15 309840]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-8-15 515968]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-10-31 646248]
    S2 0271051446230601mcinstcleanup;McAfee Application Installer Cleanup (0271051446230601);C:\Windows\TEMP\027105~1.EXE -cleanup -nolog --> C:\Windows\TEMP\027105~1.EXE -cleanup -nolog [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-24 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-14 1492840]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2015-10-30 196440]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-2-24 225216]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-8-15 106552]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2015-10-31 05:20:12    --------    d-----w-    C:\ProgramData\USBChargerPlus
    2015-10-31 05:19:49    --------    d-----w-    C:\ProgramData\Atheros
    2015-10-31 05:18:43    --------    d-----w-    C:\Program Files (x86)\Common Files\SceneSwitch
    2015-10-31 05:18:41    80512    ----a-w-    C:\Windows\ASUS K45_K75_K95_Screensaver Uninstaller.exe
    2015-10-31 05:18:39    3058304    ----a-w-    C:\Windows\AsScrPro.exe
    2015-10-31 05:18:39    250209552    ------w-    C:\Windows\System32\ASUS K45_K75_K95_Screensaver.scr
    2015-10-31 05:18:37    162456    ----a-w-    C:\Windows\SysWow64\ACEngSvr.exe
    2015-10-31 05:18:29    217216    ----a-w-    C:\Program Files\Windows Sidebar\Shared Gadgets\InstantOnST.gadget\InstantOnCOM.dll
    2015-10-31 05:18:24    17152    ----a-w-    C:\Windows\System32\drivers\AiCharger.sys
    2015-10-31 05:18:18    379520    ----a-w-    C:\Windows\System32\FBAgent.exe
    2015-10-31 05:18:04    196224    ----a-w-    C:\Program Files\Windows Sidebar\Shared Gadgets\P4GUpdate.Gadget\P4GUpdate.dll
    2015-10-31 05:18:03    --------    d-----w-    C:\ProgramData\P4G
    2015-10-31 05:18:03    --------    d-----w-    C:\Program Files\ASUS
    2015-10-31 05:17:31    41984    ----a-w-    C:\Windows\System32\drivers\USB3Ver.dll
    2015-10-31 05:17:29    --------    d-----w-    C:\Program Files\Elantech
    2015-10-31 05:15:11    --------    d-----w-    C:\Program Files (x86)\Common Files\Atheros
    2015-10-31 05:15:10    --------    d-----w-    C:\Program Files (x86)\Bluetooth Suite
    2015-10-31 05:14:40    2797056    ----a-w-    C:\Windows\System32\drivers\athrx.sys
    2015-10-31 05:14:40    2797056    ----a-w-    C:\Windows\System32\athrx.sys
    2015-10-31 05:14:40    --------    d-----w-    C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
    2015-10-31 05:14:25    --------    d-----w-    C:\ProgramData\Qualcomm Atheros
    2015-10-31 05:12:41    --------    d-----w-    C:\Windows\SysWow64\NV
    2015-10-31 05:12:41    --------    d-----w-    C:\Windows\System32\NV
    2015-10-31 05:09:41    --------    d-----w-    C:\Program Files\Common Files\Intel
    2015-10-31 05:09:41    --------    d-----w-    C:\Program Files (x86)\Common Files\Intel
    2015-10-31 05:09:20    --------    d-----w-    C:\Intel
    2015-10-31 05:09:02    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
    2015-10-31 05:08:49    180736    ----a-w-    C:\Windows\System32\ifsutil.dll
    2015-10-31 05:08:49    148992    ----a-w-    C:\Windows\SysWow64\ifsutil.dll
    2015-10-31 05:08:30    951680    ----a-w-    C:\Windows\System32\drivers\ndis.sys
    2015-10-31 05:03:51    --------    d-----w-    C:\eSupport
    2015-10-30 19:26:12    196440    ----a-w-    C:\Windows\System32\drivers\HipShieldK.sys
    2015-10-30 18:43:06    --------    d-----w-    C:\Users\Sheba\AppData\Local\Google
    2015-10-30 18:13:21    --------    d-----w-    C:\Users\Sheba\AppData\Local\Power2Go
    2015-10-29 20:41:39    --------    d-----w-    C:\Users\Sheba\AppData\Local\Apps
    2015-10-29 20:41:01    --------    d-----w-    C:\Users\Sheba\AppData\Roaming\ASUS WebStorage
    2015-10-29 20:40:19    --------    d-----w-    C:\Users\Sheba\AppData\Local\BMExplorer
    2015-10-29 20:40:12    --------    d-----w-    C:\Users\Sheba\AppData\Roaming\Atheros
    2015-10-29 20:35:36    --------    d-----w-    C:\ProgramData\FolderView
    2015-10-29 20:35:09    --------    d-----w-    C:\Users\Sheba\AppData\Local\VirtualStore
    2015-10-29 20:35:08    387    ----a-w-    C:\Users\Sheba\AppData\Roaming\sp_data.sys
    .
    ==================== Find3M  ====================
    .
    .
    ============= FINISH:  2:34:50,68 ===============
     

    And yeah, I will just go with the making of new recovery disks when everything unneeded is gone from the system. And I definitely won't delete hidden partitions anymore; my friend works in a computer shop and after giving me the link to the ISO told me that I should just delete it since it would give me more space and I would have a clean Windows version now anyway... I thought he was reliable since he works and repairs and sets up computers all day. Well, I learn from mistakes...



    #37 Budfred

    Budfred

      Malware Hound

    • Administrators
    • 21,375 posts

    Posted 30 October 2015 - 09:59 PM

    I am afraid that I am pretty sleepy at the moment and I will need to come back and analyze this after I get some sleep...  A quick glance didn't sound any alarm bells, but hang on until I can take a close look...

     

    Did your friend say anything about why the ISO copy wouldn't validate??  Generally the amount of space taken by the hidden partition isn't that much...  Back when my computer had 40 megs on my hard drive, it might have been an issue, but if you have a terabyte on a laptop, I really don't think you are going to fill that up unless you are doing a lot of video recording storage or something like that... 


    Budfred

    Helpful link: SpywareBlaster...

    MS MVP 2006 and ASAP Member since 2004

    Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

    #38 Himi

    Himi

      Advanced Member

    • Full Member
    • 145 posts

    Posted 30 October 2015 - 10:30 PM

    Thanks a lot, take all the time you need - it's 4:20am here and I'm gonna go to sleep as well. Also it's not just that I want to get rid of any potential malware, I also want to get rid of anything unneeded. I want to get as close to a "clean" Windows version as possible, so anything on there by ASUS which isn't needed should go as well.

     

    I haven't spoken to my friend since I formatted the harddrive yet, as he's on vacation right now. I went into his store and talked to his colleague, though, who told me that yeah, there shouldn't have been a "clean" ISO out there which automatically came with SP1 and since mine did, it's likely that something was up with it. He also looked at my ISO and said he believes that the size of the ISO is different from the "official" one, though he wasn't sure about that since he didn't have an official one at hand. He said that the advice of my friend was still valid, though, as they advise people in the store to rather get "clean" Windows versions as they very often have customers complaining about new computers taking forever to boot because of all the software ASUS/other brands put on there. I can understand... my "clean" computer gets popups by so many programs upon boot... that damn Antivirus program (which also needs to go; I want Avira) gives me popups, then there's like two recovery softwares, some weird bar at the right side of the desktop... incredible...



    #39 Budfred

    Budfred

      Malware Hound

    • Administrators
    • 21,375 posts

    Posted 31 October 2015 - 09:33 AM

    As I thought about it, I will need to see the Attach.txt added file from DDS since it will contain a full list of installed programs, the list posted is what DDS looks at to find malware...  nasdaq has agreed to focus on helping you check for malware and I will focus on trying to clean up the "legit" stuff that you don't want... The good news is that you are running Windows 7 Home Premium...  I will see if I can sort out what that ASUS shell is and how to disable it...

     

    Go here to get info about removing McAfee: https://service.mcaf...spx?id=TS101331

     

    In "Control Panel - Programs and Features - Turn Windows features on or off" find "Tablet PC Components" and remove the check mark from that option...

     

    You can uninstall Bing Bar in the list of Programs and Features...  After removing Bing Bar - look for Live ID and remove that as well, assuming you are not using any Windows Live products...  If you don't find it, I will give you other instructions to remove it...

     

    ASUS SmartLogon is a facial recognition program for logging into Windows that can be uninstalled in Programs and Features also...  QuickGesture64.exe seems to be a tablet based program and can be uninstalled in Programs and Features...  ASUS Screen Saver Protector can be uninstalled in Programs and Features - it isn't needed...  If you are not using CyberLink or HP MediaSmart programs, you can uninstall CyberLink MediaLibrary Service as well...  ATKMEDIA is used with Media Center to open it with multimedia keys on the laptop and can be removed if you don't need that...  ASUS Live Update is designed to automatically update your computer and can be removed if you don't want it... 

     

    MS recommends disabling their Sidebar and tells you how here: https://technet.micr...ty/2719662.aspx

     

    With that, I am going to take a break...  It takes a long time to wade through all of these files, so in the meantime, please run the McAfee removal program and install your Avira...  Then please run the Attach.txt from DDS and post that...  I will focus on that and nasdaq will offer instructions for searching for malware...


    Budfred


    #40 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • 49,139 posts

    Posted 31 October 2015 - 12:33 PM

    Hi

    I'm nasdaq

     

    Once you have removed the programs you do not wish to keep and have updated to Avira please proceed with this.

     

    Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
    ===
     
     
    Wait for further instructions from me on this malware cleanup.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in any way, please consider Donating,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #41 Himi

    Himi

      Advanced Member

    • Full Member
    • 145 posts

    Posted 31 October 2015 - 02:29 PM

    Okay, this turned out very problematic, I am getting showered in error messages. Here's what happened step by step:

    1) Uninstalled McAfee following the instructions. No problems.
    2) Started uninstalling things.
    - Uninstalled BingBar
    - Could not find Live ID
    - Could not find Asus SMART Logon, but there was something called ASUS Logon, so I uninstalled that instead. Smart Logon is still something shown in the sidebar, though.
    - Could not find QuickGesture64
    - Could not find ASUS Screen Saver Protector, but there was something else with ASUS and Screensaver in the name, so I uninstalled that.
    - Uninstalled all three CyberLink programs.
    - Could not find HP MediaSmart
    - Uninstalled ATKMedia and ASUS Live Update

    After the reboot demanded from uninstalling ATKMedia and ASUS Live Update, hell started. Now upon rebooting, I get the error message "This program can only be run on an ASUS computer", which is as nondescriptive as possible. I click it away. Then I get the error message "Driver failure. Please install ATK100 driver". I click that away, too.

     

    Then I tried to turn off the sidebar. But when following the instructions and entering "gpedit.msc" into the run command I get the message that this doesn't exist. I know MS also gives another method involving the registry but there's also a warning this might mess things up and... I am obviously good at messing things up, so I figured I should ask first if I should try that.

    So I then downloaded and installed Avira. No problems there. When Avira did its first search, I went away to do something else since it takes time and upon returning, I was greeted with the next error message:

    "Microsoft Visual C++ Runtime Library
    Assertion failed!
    Program: ...
    File: .\mongoose.c
    Line: 3830
    Expression: ctx->sq_head > ctx->sq_tail"

    Once I clicked that away, I got one of these speech bubbles in the bottom right corner. It went away too fast for me to read it all, but I remember it saying "Intel ME Recovery Agent encountered a problem" and that the program stopped. And then I got another speech bubble that a USB driver couldn't be found (something with CW2.0 or something like that... I was still busy writing down the last error message, so I couldn't catch it fast enough).

    Too many error messages!

    Anyway, here are the requested logs. I was not sure if you wanted a new Attach.txt file from DDS after me removing the programs (well, the ones I found, anyway)? I did a new one, just in case, but will post the old one for now. Following that is the Farbar log requested by nasdaq. However, the Addition.txt was too big to upload (at least that's what it told me), so I can't do that. Thanks so much for the help!

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 29.10.2015 21:34:51
    System Uptime: 30.10.2015 23:42:20 (3 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. |  | K95VM
    Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz | SOCKET 0 | 2501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 401 GiB total, 348,964 GiB free.
    D: is FIXED (NTFS) - 506 GiB total, 505,539 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: USB2.0-CRW
    Device ID: USB\VID_0BDA&PID_0129\20100201396000000
    Manufacturer:
    Name: USB2.0-CRW
    PNP Device ID: USB\VID_0BDA&PID_0129\20100201396000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP21: 29.10.2015 22:13:47 - Geplanter Prüfpunkt
    RP22: 29.10.2015 22:13:50 - Sprachpaketdeinstallation
    RP23: 30.10.2015 20:59:21 - Sprachpaketdeinstallation
    .
    ==== Installed Programs ======================
    .
    ??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
    ???? ??? Windows Live
    ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
    ??????? Windows Live Mesh ActiveX ???
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X MUI
    ASUS AI Recovery
    ASUS FaceLogon
    ASUS K45_K75_K95_Screensaver
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS Splendid Video Enhancement Technology
    ASUS USB Charger Plus
    ASUS Virtual Camera
    ASUS Virtual Touch
    ASUS WebStorage
    AsusVibe2.0
    Atheros Bluetooth Suite (64)
    ATK Package
    Bing Bar
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    CyberLink LabelPrint
    CyberLink Media Suite
    CyberLink Power2Go
    D3DX10
    ETDWare PS/2-X64 10.5.9.0
    Fast Boot
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    InstantOn for NB
    Intel® Manageability Engine Firmware Recovery Agent
    Intel® Management Engine Components
    Intel® OpenCL CPU Runtime
    Intel® Processor Graphics
    Intel® USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    Junk Mail filter update
    McAfee Internet Security
    McAfee SiteAdvisor
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    NVIDIA Control Panel 290.81
    NVIDIA Graphics Driver 290.81
    NVIDIA Install Application
    NVIDIA Optimus 1.6.24
    NVIDIA PhysX
    NVIDIA Update 1.6.24
    NVIDIA Update Components
    Qualcomm Atheros WiFi Driver Installation
    Raccolta foto di Windows Live
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    S?????? f?t???af??? t?? Windows Live
    SceneSwitch
    Shared C Run-time for x64
    St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Fotogalerie
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    Windows Live Mesh ActiveX control for remote connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinFlash
    Wireless Console 3
    .
    ==== End Of File ===========================



    Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
    durchgeführt von Sheba (Administrator) auf HAKUGYOKUROU (31-10-2015 19:56:31)
    Gestartet von C:\Users\Public\Pictures
    Geladene Profile: UpdatusUser & Sheba (Verfügbare Profile: UpdatusUser & Sheba)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
    Internet Explorer Version 9 (Standard-Browser: IE)
    Start-Modus: Normal
    Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Prozesse (Nicht auf der Ausnahmeliste) =================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
    () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe


    ==================== Registry (Nicht auf der Ausnahmeliste) ===========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Communications)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
    HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-05] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260416 2012-03-04] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [214848 2012-03-04] (NVIDIA Corporation)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-02-24]
    ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)

    ==================== Internet (Nicht auf der Ausnahmeliste) ====================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{82CB53FE-5D4E-42D0-8208-7770DDA827AA}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
    HKU\S-1-5-21-892359256-2953846959-8072590-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
    HKU\S-1-5-21-892359256-2953846959-8072590-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
    HKU\S-1-5-21-892359256-2953846959-8072590-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
    HKU\S-1-5-21-892359256-2953846959-8072590-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-892359256-2953846959-8072590-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sheba\AppData\Roaming\Mozilla\Firefox\Profiles\QBTBfUqI.default
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Keine Datei]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
    FF Extension: Avira Browser Safety - C:\Users\Sheba\AppData\Roaming\Mozilla\Firefox\Profiles\QBTBfUqI.default\Extensions\abs@avira.com [2015-10-31] [ist nicht signiert]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Dienste (Nicht auf der Ausnahmeliste) ========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-05] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-05] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-05] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-05] (Avira Operations GmbH & Co. KG)
    R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [Datei ist nicht signiert]
    R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [Datei ist nicht signiert]

    ===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
    R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows ® Win 7 DDK provider)
    R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-08] (Windows ® Win 7 DDK provider)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-05] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-10-05] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-10-05] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-05] (Avira Operations GmbH & Co. KG)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

    ==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


    ==================== Ein Monat: Erstellte Dateien und Ordner ========

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

    2015-10-31 19:55 - 2015-10-31 19:57 - 00000000 ____D C:\FRST
    2015-10-31 19:31 - 2015-10-31 19:31 - 00000000 ____D C:\Users\Sheba\AppData\Roaming\Mozilla
    2015-10-31 19:31 - 2015-10-31 19:31 - 00000000 ____D C:\Users\Sheba\AppData\Roaming\Avira
    2015-10-31 19:30 - 2015-10-05 15:51 - 00163544 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
    2015-10-31 19:30 - 2015-10-05 15:51 - 00141416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2015-10-31 19:30 - 2015-10-05 15:51 - 00074952 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
    2015-10-31 19:30 - 2015-10-05 15:51 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
    2015-10-31 19:29 - 2015-10-31 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2015-10-31 19:29 - 2015-10-31 19:30 - 00000000 ____D C:\ProgramData\Avira
    2015-10-31 19:29 - 2015-10-31 19:30 - 00000000 ____D C:\Program Files (x86)\Avira
    2015-10-31 19:29 - 2015-10-31 19:29 - 00001208 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
    2015-10-31 19:29 - 2015-10-31 19:29 - 00000000 ____D C:\ProgramData\Package Cache
    2015-10-31 19:21 - 2015-10-31 19:21 - 00000000 ___RD C:\Users\Sheba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-10-31 19:17 - 2015-10-31 19:17 - 00024576 _____ () C:\Users\Sheba\AppData\Local\uninst.tmp
    2015-10-31 19:07 - 2015-10-31 19:07 - 00000000 ____D C:\Users\Sheba\AppData\Roaming\Macromedia
    2015-10-31 06:21 - 2015-10-31 06:21 - 00000109 _____ C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2015-10-31 06:20 - 2015-10-31 06:21 - 00000105 _____ C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2015-10-31 06:20 - 2015-10-31 06:21 - 00000000 ____D C:\ProgramData\Temp
    2015-10-31 06:20 - 2015-10-31 06:20 - 00068166 _____ C:\Windows\AsChkDev.txt
    2015-10-31 06:20 - 2015-10-31 06:20 - 00000107 _____ C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2015-10-31 06:20 - 2015-10-31 06:20 - 00000000 ____N C:\Windows\SysWOW64\Drivers\1043_ASUSTEK_K45A_K45VM_K45VG_K45VS_K45VD_K75A_K75VM_K75VD_K95VM_V60_WIN7.MRK
    2015-10-31 06:20 - 2015-10-31 06:20 - 00000000 ____D C:\ProgramData\USBChargerPlus
    2015-10-31 06:20 - 2015-10-31 06:20 - 00000000 ____D C:\ProgramData\CyberLink
    2015-10-31 06:19 - 2015-10-29 21:40 - 00000000 ____D C:\ProgramData\Atheros
    2015-10-31 06:18 - 2015-10-31 19:03 - 00001636 _____ C:\Windows\system32\ServiceFilter.ini
    2015-10-31 06:18 - 2015-10-31 06:18 - 03058304 _____ (ASUS) C:\Windows\AsScrPro.exe
    2015-10-31 06:18 - 2015-10-31 06:18 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
    2015-10-31 06:18 - 2015-10-31 06:18 - 00003054 _____ C:\Windows\System32\Tasks\ASUS P4G
    2015-10-31 06:18 - 2015-10-31 06:18 - 00003026 _____ C:\Windows\System32\Tasks\ASUS USB Charger Plus
    2015-10-31 06:18 - 2015-10-31 06:18 - 00000716 _____ C:\Users\Public\Desktop\eManual.Lnk
    2015-10-31 06:18 - 2015-10-31 06:18 - 00000000 ____D C:\ProgramData\P4G
    2015-10-31 06:18 - 2015-10-31 06:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
    2015-10-31 06:18 - 2015-10-31 06:18 - 00000000 ____D C:\Program Files\ASUS
    2015-10-31 06:18 - 2015-10-29 21:35 - 00001838 _____ C:\Windows\system32\AutoRunFilter.ini
    2015-10-31 06:18 - 2015-10-29 21:34 - 00000080 _____ C:\Windows\system32\Defrag.ini
    2015-10-31 06:18 - 2012-02-29 19:08 - 00017152 _____ (ASUSTek Computer Inc.) C:\Windows\system32\Drivers\AiCharger.sys
    2015-10-31 06:18 - 2012-02-21 22:49 - 00162456 ____N (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    2015-10-31 06:18 - 2011-03-04 00:57 - 00379520 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe
    2015-10-31 06:18 - 2009-06-13 01:55 - 00000105 _____ C:\Windows\system32\FastBoot.ini
    2015-10-31 06:18 - 2009-06-05 21:35 - 00000052 _____ C:\Windows\system32\RemoveFont.ini
    2015-10-31 06:18 - 2009-06-05 21:35 - 00000015 _____ C:\Windows\system32\BootTime.ini
    2015-10-31 06:17 - 2015-10-31 06:17 - 00005966 _____ C:\Windows\DPINST.LOG
    2015-10-31 06:17 - 2015-10-31 06:17 - 00003438 _____ C:\Windows\System32\Tasks\ASUS Quick Gesture (x64)
    2015-10-31 06:17 - 2015-10-31 06:17 - 00003422 _____ C:\Windows\System32\Tasks\ASUS Quick Gesture
    2015-10-31 06:17 - 2015-10-31 06:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
    2015-10-31 06:17 - 2015-10-31 06:17 - 00000000 ____D C:\Program Files\Elantech
    2015-10-31 06:17 - 2012-02-27 12:00 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
    2015-10-31 06:16 - 2015-10-31 06:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_btath_hcrp_01009.Wdf
    2015-10-31 06:15 - 2015-10-31 06:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
    2015-10-31 06:15 - 2015-10-31 06:15 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
    2015-10-31 06:14 - 2015-10-31 06:14 - 00000000 ____D C:\ProgramData\Qualcomm Atheros
    2015-10-31 06:14 - 2015-10-31 06:14 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation
    2015-10-31 06:14 - 2011-12-28 05:45 - 00071816 _____ C:\Windows\system32\athrextx.cat
    2015-10-31 06:14 - 2011-12-28 05:44 - 02797056 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
    2015-10-31 06:14 - 2011-12-28 05:44 - 02797056 _____ (Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
    2015-10-31 06:13 - 2015-10-31 19:49 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    2015-10-31 06:13 - 2015-10-31 19:21 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    2015-10-31 06:13 - 2015-10-31 19:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-10-31 06:13 - 2015-10-31 06:13 - 00003492 _____ C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
    2015-10-31 06:13 - 2015-10-31 06:13 - 00003188 _____ C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
    2015-10-31 06:13 - 2015-10-31 06:13 - 00000000 ___HD C:\Program Files (x86)\Temp
    2015-10-31 06:13 - 2015-10-31 06:13 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
    2015-10-31 06:13 - 2015-10-31 06:13 - 00000000 ____D C:\ProgramData\SonicFocus
    2015-10-31 06:13 - 2015-10-31 06:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2015-10-31 06:13 - 2015-10-31 06:13 - 00000000 ____D C:\ProgramData\Intel
    2015-10-31 06:13 - 2015-10-31 06:13 - 00000000 ____D C:\Program Files\Realtek
    2015-10-31 06:13 - 2015-10-31 06:13 - 00000000 ____D C:\Program Files\Intel
    2015-10-31 06:13 - 2015-10-31 06:13 - 00000000 ____D C:\Program Files (x86)\Realtek
    2015-10-31 06:13 - 2012-02-21 05:10 - 00015128 _____ C:\Windows\system32\Drivers\IntelMEFWVer.dll
    2015-10-31 06:13 - 2011-12-27 14:12 - 04727656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
    2015-10-31 06:13 - 2011-12-27 12:02 - 00204940 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
    2015-10-31 06:13 - 2011-12-27 12:00 - 02765312 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
    2015-10-31 06:13 - 2011-12-23 06:30 - 00823912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
    2015-10-31 06:13 - 2011-12-22 03:32 - 03745384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
    2015-10-31 06:13 - 2011-12-20 08:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
    2015-10-31 06:13 - 2011-12-19 22:43 - 00220776 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
    2015-10-31 06:13 - 2011-12-18 10:58 - 05996376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
    2015-10-31 06:13 - 2011-12-18 10:58 - 02603864 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
    2015-10-31 06:13 - 2011-12-18 10:58 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
    2015-10-31 06:13 - 2011-12-18 10:58 - 01247576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
    2015-10-31 06:13 - 2011-12-18 10:58 - 00955736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
    2015-10-31 06:13 - 2011-12-15 05:39 - 00100968 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
    2015-10-31 06:13 - 2011-12-13 13:22 - 02528832 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
    2015-10-31 06:13 - 2011-12-13 09:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
    2015-10-31 06:13 - 2011-12-13 04:01 - 01698408 ____N (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
    2015-10-31 06:13 - 2011-11-22 09:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
    2015-10-31 06:13 - 2011-11-22 04:36 - 02615400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
    2015-10-31 06:13 - 2011-09-29 10:30 - 00646248 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
    2015-10-31 06:13 - 2011-09-29 10:30 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
    2015-10-31 06:13 - 2011-09-29 10:30 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll
    2015-10-31 06:13 - 2011-09-02 07:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
    2015-10-31 06:13 - 2011-09-02 07:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
    2015-10-31 06:13 - 2011-09-02 07:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
    2015-10-31 06:13 - 2011-08-23 10:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
    2015-10-31 06:13 - 2011-08-05 18:29 - 00527872 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
    2015-10-31 06:13 - 2011-08-05 18:29 - 00515584 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
    2015-10-31 06:13 - 2011-08-05 18:29 - 00439808 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
    2015-10-31 06:13 - 2011-07-22 12:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
    2015-10-31 06:13 - 2011-07-08 07:34 - 00065432 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
    2015-10-31 06:13 - 2011-06-14 04:13 - 00177088 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
    2015-10-31 06:13 - 2011-05-31 02:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
    2015-10-31 06:13 - 2011-05-02 07:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
    2015-10-31 06:13 - 2011-05-02 07:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
    2015-10-31 06:13 - 2011-05-02 07:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
    2015-10-31 06:13 - 2011-05-02 07:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
    2015-10-31 06:13 - 2011-05-02 07:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
    2015-10-31 06:13 - 2011-03-17 05:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
    2015-10-31 06:13 - 2011-03-07 10:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
    2015-10-31 06:13 - 2010-11-08 00:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
    2015-10-31 06:13 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
    2015-10-31 06:13 - 2010-11-08 00:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
    2015-10-31 06:13 - 2010-11-08 00:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
    2015-10-31 06:13 - 2010-11-08 00:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
    2015-10-31 06:13 - 2010-11-08 00:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
    2015-10-31 06:13 - 2010-11-03 11:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
    2015-10-31 06:13 - 2010-10-03 06:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
    2015-10-31 06:13 - 2010-09-27 02:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
    2015-10-31 06:13 - 2010-07-22 09:48 - 00074064 ____N (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
    2015-10-31 06:13 - 2010-07-22 09:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
    2015-10-31 06:13 - 2010-05-06 10:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
    2015-10-31 06:13 - 2009-11-24 02:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
    2015-10-31 06:13 - 2009-11-24 02:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
    2015-10-31 06:13 - 2009-11-24 02:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
    2015-10-31 06:13 - 2009-11-24 02:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
    2015-10-31 06:13 - 2009-11-17 11:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
    2015-10-31 06:12 - 2015-10-31 06:19 - 00000000 ____D C:\Windows\SysWOW64\NV
    2015-10-31 06:12 - 2015-10-31 06:19 - 00000000 ____D C:\Windows\system32\NV
    2015-10-31 06:11 - 2015-10-31 06:12 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-10-31 06:11 - 2015-10-31 06:12 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2015-10-31 06:11 - 2015-10-31 06:11 - 00015878 _____ C:\Windows\system32\results.xml
    2015-10-31 06:11 - 2015-10-31 06:11 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2015-10-31 06:11 - 2015-10-31 06:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-10-31 06:11 - 2015-10-31 06:11 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2015-10-31 06:11 - 2012-03-05 00:28 - 06005568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2015-10-31 06:11 - 2012-03-05 00:28 - 03032896 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2015-10-31 06:11 - 2012-03-05 00:27 - 02944183 _____ C:\Windows\system32\nvcoproc.bin
    2015-10-31 06:11 - 2012-03-05 00:26 - 02562368 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2015-10-31 06:11 - 2012-03-05 00:26 - 00889664 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2015-10-31 06:11 - 2012-03-05 00:26 - 00840000 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
    2015-10-31 06:11 - 2012-03-05 00:26 - 00118080 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2015-10-31 06:11 - 2012-03-05 00:26 - 00063296 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2015-10-31 06:11 - 2012-03-05 00:26 - 00055616 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 25433920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 25137472 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 19350336 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 17498432 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 17483584 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 14864192 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 14025536 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2015-10-31 06:11 - 2012-03-04 22:34 - 09623872 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 07984448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 07678784 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 05874496 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 02660672 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 02506560 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 02403648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 02374464 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 02206016 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 02096448 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 01715008 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 01454912 _____ (NVIDIA Corporation) C:\Windows\system32\nvgenco64.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 00951616 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 00802112 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 00372544 _____ (NVIDIA Corporation) C:\Windows\system32\nvoptimusmft.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 00363328 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 00331072 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvoptimusmft.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 00301376 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 00260416 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 00214848 ____N (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2015-10-31 06:11 - 2012-03-04 22:34 - 00028992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
    2015-10-31 06:11 - 2012-03-04 22:34 - 00007654 _____ C:\Windows\system32\nvinfo.pb
    2015-10-31 06:11 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-31 06:11 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-31 06:09 - 2015-10-31 06:17 - 00000000 ____D C:\Program Files (x86)\Intel
    2015-10-31 06:09 - 2015-10-31 06:09 - 00000000 ____D C:\Program Files\Common Files\Intel
    2015-10-31 06:09 - 2015-10-31 06:09 - 00000000 ____D C:\Intel
    2015-10-31 06:09 - 2012-01-16 04:06 - 00053248 ____N (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
    2015-10-31 06:08 - 2015-10-31 19:30 - 00059145 _____ C:\Windows\WindowsUpdate.log
    2015-10-31 06:08 - 2011-01-28 20:03 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ifsutil.dll
    2015-10-31 06:08 - 2011-01-28 06:46 - 00148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ifsutil.dll
    2015-10-31 06:08 - 2010-12-29 11:57 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-10-31 06:04 - 2015-10-31 06:04 - 00000000 _____ C:\Windows\AsRunBar.txt
    2015-10-31 06:04 - 2012-03-27 02:55 - 00000034 _____ C:\Windows\AsToolCDVer.txt
    2015-10-31 06:03 - 2015-10-31 06:18 - 00000000 ____D C:\eSupport
    2015-10-31 02:28 - 2015-10-31 02:28 - 00688992 ____R (Swearware) C:\Users\Sheba\Desktop\dds.scr
    2015-10-30 20:26 - 2015-10-30 20:26 - 00262144 _____ C:\Windows\system32\config\ELAM
    2015-10-30 19:43 - 2015-10-30 19:43 - 00000000 ____D C:\Users\Sheba\AppData\Roaming\Adobe
    2015-10-30 19:43 - 2015-10-30 19:43 - 00000000 ____D C:\Users\Sheba\AppData\Local\Google
    2015-10-30 19:42 - 2015-10-30 19:42 - 00001142 _____ C:\Users\Sheba\Desktop\Willkommen zur ASUS Produktregistrierung.lnk
    2015-10-30 19:13 - 2015-10-30 19:13 - 00000000 ____D C:\Users\Sheba\AppData\Local\Power2Go
    2015-10-29 21:41 - 2015-10-29 21:41 - 00000000 ____D C:\Users\Sheba\AppData\Roaming\ASUS WebStorage
    2015-10-29 21:41 - 2015-10-29 21:41 - 00000000 ____D C:\Users\Sheba\AppData\Local\Apps\2.0
    2015-10-29 21:40 - 2015-10-29 21:40 - 00000000 ____D C:\Users\Sheba\Documents\Bluetooth Folder
    2015-10-29 21:40 - 2015-10-29 21:40 - 00000000 ____D C:\Users\Sheba\AppData\Roaming\Atheros
    2015-10-29 21:40 - 2015-10-29 21:40 - 00000000 ____D C:\Users\Sheba\AppData\Local\BMExplorer
    2015-10-29 21:36 - 2015-10-29 21:36 - 00001437 _____ C:\Users\Sheba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-10-29 21:36 - 2015-10-29 21:36 - 00001403 _____ C:\Users\Sheba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2015-10-29 21:35 - 2015-10-31 19:17 - 00000387 _____ C:\Users\Sheba\AppData\Roaming\sp_data.sys
    2015-10-29 21:35 - 2015-10-29 21:35 - 00057560 _____ C:\Users\Sheba\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-10-29 21:35 - 2015-10-29 21:35 - 00000200 _____ C:\Windows\FixPatch.log
    2015-10-29 21:35 - 2015-10-29 21:35 - 00000000 __RSD C:\Users\Public\Desktop\ASUS
    2015-10-29 21:35 - 2015-10-29 21:35 - 00000000 ____D C:\Users\Sheba\AppData\Local\VirtualStore
    2015-10-29 21:35 - 2015-10-29 21:35 - 00000000 ____D C:\ProgramData\FolderView
    2015-10-29 21:35 - 2015-10-29 21:35 - 00000000 _____ C:\Users\Sheba\agent.log
    2015-10-29 21:34 - 2015-10-29 21:36 - 00000000 ____D C:\Users\Sheba
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000020 ___SH C:\Users\Sheba\ntuser.ini
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\Vorlagen
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\Startmenü
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\Netzwerkumgebung
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\Lokale Einstellungen
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\Eigene Dateien
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\Druckumgebung
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\Documents\Eigene Musik
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\Documents\Eigene Bilder
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\AppData\Local\Verlauf
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\AppData\Local\Anwendungsdaten
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 _SHDL C:\Users\Sheba\Anwendungsdaten
    2015-10-29 21:34 - 2015-10-29 21:34 - 00000000 ____D C:\Users\Sheba\AppData\Local\ASUS
    2015-10-29 21:34 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Sheba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-29 21:34 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Sheba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

    ==================== Ein Monat: Geänderte Dateien und Ordner ========

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

    2015-10-31 19:28 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-10-31 19:28 - 2009-07-14 05:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-10-31 19:26 - 2011-02-19 05:24 - 00696370 _____ C:\Windows\system32\perfh007.dat
    2015-10-31 19:26 - 2011-02-19 05:24 - 00147634 _____ C:\Windows\system32\perfc007.dat
    2015-10-31 19:26 - 2009-07-14 06:13 - 01611160 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-10-31 19:22 - 2012-02-24 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2015-10-31 19:22 - 2012-02-24 03:42 - 00000000 ____D C:\Program Files (x86)\ASUS
    2015-10-31 19:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-10-31 19:21 - 2009-07-14 05:51 - 00051469 _____ C:\Windows\setupact.log
    2015-10-31 19:13 - 2009-07-14 04:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-31 19:10 - 2012-02-24 02:34 - 00012682 _____ C:\Windows\PFRO.log
    2015-10-31 19:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2015-10-31 06:29 - 2009-07-29 07:03 - 00000000 ____D C:\Windows\Panther
    2015-10-31 06:29 - 2009-07-14 05:46 - 00005075 _____ C:\Windows\DtcInstall.log
    2015-10-31 06:15 - 2011-12-29 22:02 - 00246804 _____ C:\Windows\system32\Drivers\AtherosBt.bin
    2015-10-31 06:15 - 2011-12-29 22:02 - 00001796 _____ C:\Windows\system32\Drivers\ramps_0x11020000_40.dfu
    2015-10-31 06:15 - 2011-12-29 22:02 - 00001242 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x01.dfu
    2015-10-31 06:15 - 2011-12-29 22:02 - 00001214 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x03.dfu
    2015-10-31 06:15 - 2011-12-29 22:02 - 00001204 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40_0x02.dfu
    2015-10-31 06:15 - 2011-12-29 22:02 - 00001204 _____ C:\Windows\system32\Drivers\ramps_0x01020200_40.dfu
    2015-10-31 06:15 - 2011-12-29 22:02 - 00001198 _____ C:\Windows\system32\Drivers\ramps_0x01020200_26.dfu
    2015-10-31 06:15 - 2011-12-29 22:02 - 00001192 _____ C:\Windows\system32\Drivers\ramps_0x01020200_26_0x01.dfu
    2015-10-31 06:13 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2015-10-31 06:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
    2015-10-31 06:06 - 2009-07-29 06:07 - 00008134 _____ C:\Windows\TSSysprep.log
    2015-10-31 06:04 - 2009-07-14 06:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
    2015-10-31 06:04 - 2009-07-14 06:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
    2015-10-31 06:03 - 2009-07-29 06:20 - 00000000 ____D C:\Windows\ASUS
    2015-10-31 05:00 - 2011-02-19 05:18 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2015-10-31 05:00 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\SysWOW64\winrm
    2015-10-31 05:00 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\SysWOW64\WCN
    2015-10-31 05:00 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\SysWOW64\sysprep
    2015-10-31 05:00 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\SysWOW64\slmgr
    2015-10-31 05:00 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
    2015-10-31 05:00 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\system32\winrm
    2015-10-31 05:00 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\system32\WCN
    2015-10-31 05:00 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\system32\slmgr
    2015-10-31 05:00 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
    2015-10-31 05:00 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2015-10-31 05:00 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\com
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\sysprep
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Setup
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\oobe
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\MUI
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\migwiz
    2015-10-31 05:00 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism
    2015-10-31 04:59 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
    2015-10-31 04:59 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\DigitalLocker
    2015-10-31 04:59 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Sidebar
    2015-10-31 04:59 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2015-10-31 04:59 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Windows Defender
    2015-10-31 04:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\com
    2015-10-31 04:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
    2015-10-31 04:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\IME
    2015-10-31 04:59 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\System
    2015-10-31 04:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
    2015-10-31 04:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\he-IL
    2015-10-31 04:54 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\DVD Maker
    2015-10-31 04:53 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Globalization
    2015-10-30 19:50 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
    2015-10-30 19:43 - 2012-02-24 03:28 - 00000000 ____D C:\Program Files (x86)\Google
    2015-10-30 19:42 - 2012-02-24 03:50 - 00000000 ____D C:\ProgramData\Asus
    2015-10-30 19:42 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2015-10-30 19:40 - 2012-02-24 03:42 - 00000000 ____D C:\ProgramData\Deadtime Stories
    2015-10-29 22:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
    2015-10-29 22:17 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\ar-SA
    2015-10-29 22:13 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\restore
    2015-10-29 21:39 - 2012-02-24 03:50 - 00000000 ____D C:\ProgramData\ChangeFolderView
    2015-10-29 21:35 - 2012-02-24 03:28 - 04495548 _____ C:\Windows\AsDebug.log
    2015-10-29 21:35 - 2012-02-24 02:55 - 00002966 _____ C:\Windows\PQArecord.log
    2015-10-29 21:35 - 2011-02-18 21:12 - 00519678 _____ C:\Windows\AsCDProc.log
    2015-10-29 21:35 - 2009-07-29 06:20 - 00000000 ____D C:\Windows\Log
    2015-10-29 21:34 - 2009-07-14 05:45 - 00274464 _____ C:\Windows\system32\FNTCACHE.DAT

    ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

    2015-10-29 21:35 - 2015-10-31 19:17 - 0000387 _____ () C:\Users\Sheba\AppData\Roaming\sp_data.sys
    2015-10-31 19:17 - 2015-10-31 19:17 - 0024576 _____ () C:\Users\Sheba\AppData\Local\uninst.tmp
    2012-02-24 03:42 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
    2015-10-31 06:21 - 2015-10-31 06:21 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2015-10-31 06:20 - 2015-10-31 06:21 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2015-10-31 06:20 - 2015-10-31 06:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    Einige Dateien in TEMP:
    ====================
    C:\Users\Sheba\AppData\Local\Temp\avgnt.exe


    ==================== Bamital & volsnap =================

    (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

    C:\Windows\system32\winlogon.exe => Datei ist digital signiert
    C:\Windows\system32\wininit.exe => Datei ist digital signiert
    C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
    C:\Windows\explorer.exe => Datei ist digital signiert
    C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
    C:\Windows\system32\svchost.exe => Datei ist digital signiert
    C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
    C:\Windows\system32\services.exe => Datei ist digital signiert
    C:\Windows\system32\User32.dll => Datei ist digital signiert
    C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
    C:\Windows\system32\userinit.exe => Datei ist digital signiert
    C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
    C:\Windows\system32\rpcss.dll => Datei ist digital signiert
    C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
    C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
    C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


    LastRegBack: 2015-10-31 02:31

    ==================== Ende von FRST.txt ============================


    Edited by Himi, 31 October 2015 - 02:58 PM.


    #42 Budfred

    Budfred

      Malware Hound

    • Administrators
    • 21,375 posts

    Posted 31 October 2015 - 11:01 PM

    Please don't uninstall things if they don't match what I posted - some of those programs might actually be needed...  It is really hard for me to know what the various error messages are from since you removed more than what I suggested...  I will give you a list from your Attach.txt log, but only remove if the title matches exactly...

     

    These are likely to be safe to remove:

     

    If you are not using any Windows Live programs, you can remove any that are in the list...

     

    ASUS FaceLogon
    ASUS K45_K75_K95_Screensaver

     

    ASUS LifeFrame3 (an ASUS video/audio program - Windows already has most of this)

     

    AsusVibe2.0 (basically an ASUS portal to vibe products)

     

    ASUS Virtual Touch (for the touchpad, but apparently replaced by SmartGesture)

     

    ASUS Virtual Camera (allows more than one application to access the webcam at one time)

     

    ASUS USB Charger Plus (allows the laptop to effectively charge other devices, like iPad and so on)

     

    ASUS WebStorage (keep this if you want to use ASUS cloud storage - otherwise it is a pest)

     

    You are still showing Bing Bar and CyberLink programs, so make sure they are removed - there may simply be leftover elements in the Registry which show up in this scan...

     

    It looks like the uninstaller for McAfee left some bit in the Registry as well: McAfee Internet Security and McAfee SiteAdvisor - nasdaq may help to remove the last of that...

     

    Mesh Runtime is from Windows Live and allows you to synchronize across two or more computers - it can be removed with other Live programs if you don't need it...  A lot of the stuff on your system is Windows Live and some might be helpful, so be careful about dumping it...  If you search Google for any of the programs listed, you can find out more about what it is for...

     

    If you didn't install Microsoft Office 2010, it is probably an option to sell you the program and that can be uninstalled...

     

    Based on what I see, most of the stuff you are dealing with seems to be related to ATK Package, but it may not be a good idea to uninstall it because there are some functional aspects to it... 

     

    Overall, it looks like what you have is probably the original install from ASUS and not full of leftovers from the previous owner...  However, nasdaq will determine if there is anything more problematic there...  I think some of the Microsoft issues will resolve once you complete all updates - have you activated the system yet??

     

    There is another way to turn off the Sidebar in Win 7 - let me know if you don't get rid of it with the other fixes and I will look it up again...  I turned it off shortly after I reinstalled Win 7, but I don't remember how I did it...


    Budfred

    Helpful link: SpywareBlaster...

    MS MVP 2006 and ASAP Member since 2004

    Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

    #43 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • 49,139 posts

    Posted 01 November 2015 - 08:09 AM

     
    Your FRST log is clean of malware.
     
    As many 3rd party software do, Avira also installs browsing objects.
     
    If you wish to remove these Firefox and Chrome extensions, run this fix. Your call.
     
    Press the Windows key + R on your keyboard at the same time. This will open the Run box.
    Type Notepad and click the OK key.
    Please copy the entire contents of the code box below to a new file.
     
     
    start
     
    EmptyTemp:
    CloseProcesses:
     
    FF Extension: Avira Browser Safety - C:\Users\Sheba\AppData\Roaming\Mozilla\Firefox\Profiles\QBTBfUqI.default\Extensions\abs@avira.com [2015-10-31] [ist nicht signiert]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
     
    End
    
    Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
    The location is listed in the 3rd line of the Farbar log you have submitted.
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log (Fixlog.txt) please post it to your reply.
     
     
    p.s.
    Firefox and Chrome are not installed on this computer, but the Windows operating system does install the necessary extensions for these applications.
    They will be ready and available if you decide to install them.
     
    ===
     
    I would be interested in seeing the Addition.txt file created by the FRST tool.
     
    Please post it for my review.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in any way, please consider Donating,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #44 Himi

    Himi

      Advanced Member

    • Full Member
    • 145 posts

    Posted 01 November 2015 - 03:24 PM

    Okay, here is my news. Also I'm sorry if I can't be online tomorrow and also not for longer today, but I have a very important appointment tomorrow and must sleep early. Sorry for any delays!

     

    The ASUS FaceLogon and ASUS K45_K75_K95_Screensaver were actually the two things I had removed because they were similar to what you said first, so no damage should have been done (remember the Attach.txt was from before I started removing things even for the first time). I removed everything you listed now except for Mesh Runtime, which I cannot find at all. The ATK Package had been removed by me during my first session of erasing things since you had listed it there... the two error messages upon boot (about the ATK Driver and the P4G "This program can only run on an ASUS") still persist upon every boot.

     

    Most of the programs seem to be from Windows Live indeed, but they all seem to be the same thing except in different languages? There's a lot of foreign letters there, but from what I know about other languages they all have the same name. I also keep getting these speech bubbles in the bottom right corner about something called Bluetooth. The sidebar still is there and refuses to leave me alone.

     

    I checked the Microsoft Office 2010 thing and while it tried to sell me something at first it also let me install/open Microsoft Word Starter. I think that's the exact same thing which I use for work on my old computer and I don't think it's a trial version - just has a bit of advertisement on the side, but otherwise seems to run unlimited and I need it for work anyway since using Notepad doesn't seem very professional...

     

    I have not started Windows Updates yet. Shall I do that now? I thought maybe for making fewer rescue disks once everything is cleaned up, having less updates would be a good thing, but I can start the updates right away.

     

    Now for nasdaq's instructions:

     

    I did as you said, but there is no fix option in my FRST. There is 'Scan', 'File-Search', 'Registry-Search' and 'Delete', but no scan-button anywhere. Or am I blind? The fixlist.txt is definitely in the correct folder. I must be overlooking something, but I absolutely can't find the correct button.

     

    Here is, at least, the Addition.txt file. Note it's not up to date anymore; some of the programs I just saw there when copying it have been removed by now.

     

    Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-10-2015
    durchgeführt von Sheba (2015-10-31 20:09:08)
    Gestartet von C:\Users\Public\Pictures
    Windows 7 Home Premium Service Pack 1 (X64) (2015-10-29 20:34:51)
    Start-Modus: Normal
    ==========================================================


    ==================== Konten: =============================

    Administrator (S-1-5-21-892359256-2953846959-8072590-500 - Administrator - Disabled)
    Gast (S-1-5-21-892359256-2953846959-8072590-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-892359256-2953846959-8072590-1003 - Limited - Enabled)
    Sheba (S-1-5-21-892359256-2953846959-8072590-1001 - Administrator - Enabled) => C:\Users\Sheba
    UpdatusUser (S-1-5-21-892359256-2953846959-8072590-1000 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Sicherheits-Center ========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

    AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installierte Programme ======================

    (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

    Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.85.3 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)
    Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
    ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.30 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
    ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)
    ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
    Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG)
    Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
    Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
    Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
    Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
    Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
    Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2669 - Intel Corporation)
    Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    NVIDIA Graphics Driver 290.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 290.81 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
    NVIDIA Update 1.6.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.6.24 - NVIDIA Corporation)
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
    SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.12 - ASUS)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
    Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
    Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
    Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
    גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
    بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
    معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


    ==================== Wiederherstellungspunkte =========================

    29-10-2015 22:13:47 Geplanter Prüfpunkt
    29-10-2015 22:13:50 Sprachpaketdeinstallation
    30-10-2015 20:59:21 Sprachpaketdeinstallation
    31-10-2015 19:12:23 Windows Modules Installer
    31-10-2015 19:15:42 Removed ASUS FaceLogon
    31-10-2015 19:18:10 Konfiguriert LabelPrint
    31-10-2015 19:18:56 Konfiguriert PowerStarter
    31-10-2015 19:19:32 Konfiguriert Power2Go
    31-10-2015 19:20:36 Removed ATK Package
    31-10-2015 19:22:27 Removed ASUS Live Update

    ==================== Hosts Inhalt: ===============================

    (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

    2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    Task: {50C445F5-63C7-4307-A2BA-3FD175178DC3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {8CACC2E7-DA32-4365-89B9-EBDDAF5FF978} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
    Task: {9DA4301C-41FD-45F3-B120-F203416BCBE0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {A6DC7C43-AA63-4300-A1BC-41CA83089241} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)
    Task: {B8C7189D-9E2E-442B-9971-35E04DAA0C24} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)
    Task: {D855A7EA-C319-48E7-84D3-EF1621C8F708} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

    ==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

    2015-10-31 06:13 - 2012-02-21 05:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    2011-12-23 18:24 - 2011-12-23 18:24 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
    2015-10-31 06:13 - 2012-02-21 05:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
    2011-07-20 00:05 - 2011-07-20 00:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
    2011-07-20 00:04 - 2011-07-20 00:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
    2011-08-16 04:17 - 2011-08-16 04:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
    2011-08-16 04:12 - 2011-08-16 04:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
    2011-08-16 04:12 - 2011-08-16 04:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll

    ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


    ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

    ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


    ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


    ==================== Andere Bereiche ============================

    (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

    HKU\S-1-5-21-892359256-2953846959-8072590-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sheba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall ist aktiviert.

    ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

    (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

    MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    FirewallRules: [{56048913-2EE4-4FB6-9B10-B11FD9535645}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A56F99CF-933B-4F79-9B77-D54139039647}] => (Allow) LPort=2869
    FirewallRules: [{7200A232-CB9A-4548-89E0-CF072E6C2E3E}] => (Allow) LPort=1900
    FirewallRules: [{B47DCE39-BD05-4FD0-BC5F-8FCE7C3FBB7F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{BE0EC94A-88B6-4356-B121-F67FE5BE0F40}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{19E284DE-FE65-45E9-8827-69D5454439A1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{EDA33C67-02FC-4CBB-B8DE-B369AC2BA16B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{A87F55DA-E575-4EED-96C3-45FAF8205A78}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{77C18C1D-5BDA-4FEF-89A5-A487FB888AE1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    ==================== Fehlerhafte Geräte im Gerätemanager =============

    Name: USB2.0-CRW
    Description: USB2.0-CRW
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Fehlereinträge in der Ereignisanzeige: =========================

    Applikationsfehler:
    ==================

    Systemfehler:
    =============
    Error: (10/31/2015 07:01:35 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
    Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005

    Error: (10/31/2015 07:01:35 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

    Error: (10/31/2015 04:54:04 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

    Error: (10/31/2015 03:11:41 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
    Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

    Error: (10/31/2015 03:11:40 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
    Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

    Error: (10/31/2015 03:01:40 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
    Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

    Error: (10/31/2015 03:01:40 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
    Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

    Error: (10/31/2015 02:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
    Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

    Error: (10/31/2015 02:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
    Description: Es wurde eine schwerwiegende Warnung empfangen: 40.

    Error: (10/31/2015 02:41:38 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
    Description: Es wurde eine schwerwiegende Warnung empfangen: 40.


    ==================== Speicherinformationen ===========================

    Prozessor: Intel® Core™ i5-3210M CPU @ 2.50GHz
    Prozentuale Nutzung des RAM: 28%
    Installierter physikalischer RAM: 8078.32 MB
    Verfügbarer physikalischer RAM: 5780.72 MB
    Summe virtueller Speicher: 16154.84 MB
    Verfügbarer virtueller Speicher: 13596 MB

    ==================== Laufwerke ================================

    Drive c: (OS) (Fixed) (Total:400.55 GB) (Free:347.11 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
    Drive d: (DATA) (Fixed) (Total:505.64 GB) (Free:505.54 GB) NTFS

    ==================== MBR & Partitionstabelle ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 9158AFC3)

    Partition: GPT.

    ==================== Ende von Addition.txt ============================



    #45 Budfred

    Posted 01 November 2015 - 06:26 PM

    One of the nice things about the forum format is that you can come and go when you have time...  If you were going to be away for a few days, it would be good to let us know so that the topic is not closed...  However, don't worry about being away for a day...

     

    Unless nasdaq objects, I suggest that you do Windows Updates...  It is likely that some of the issues that have come up will be fixed with that...  If you still keep getting error messages after we do most of the cleanup, please post the specific comments from the message so that we can figure out how to clear those messages...  What it suggests is that the uninstall programs were sloppy and left bits in the Registry that make the system look for something that isn't there...  Did you remove all Windows Live components??  If you did, that Mesh program should be gone as well...  It would be good to see an Attach.txt log after you complete each step so that we can see what is still there - I missed that the one you posted was after you had already removed a number of things...  This page has instructions to disable Sidebar:

     

    http://www.howtogeek...s-on-windows-7/

     

    If the Office program is just the viewer, you are probably okay...  If it isn't, you will likely start getting warned that you can't use it after a while unless you pay for it...  Also, were you able to Activate Windows??


    Budfred

    #46 nasdaq

    Posted 02 November 2015 - 08:11 AM

    I did as you said, but there is no fix option in my FRST. There is 'Scan', 'File-Search', 'Registry-Search' and 'Delete', but no scan-button anywhere. Or am I blind? The fixlist.txt is definitely in the correct folder. I must be overlooking something, but I absolutely can't find the correct button.
     
    Are you using the FRST.exe or FRST64.exe?
     
    You should have FRST64.exe for your 64-bit system.
     
    I just downloaded the latest version and I have these options
    Scan
    Search Files
    Search Registry
    Fix
     
    ==
     
    Your Additional.txt file has no malware.
    To get a new Addition.txt file you have to run the Farbar tool again and make sure the Addition.txt check box is set.
     
    ===
     

    the two error messages upon boot (about the ATK Driver and the P4G "This program can only run on an ASUS") still persist upon every boot.
     
    The first FRST log you posted does have a reference to:
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    Task: {8CACC2E7-DA32-4365-89B9-EBDDAF5FF978} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
     
    and a system restore remark that the ATK package was removed.
    31-10-2015 19:20:36 Removed ATK Package
     
    The errors are probably coming from remnant items in the registry that need to be removed.
     
    Please run the Farbar tool again and post a fresh FRST.txt and include the revised Addition.txt file.
    ===
     
    As for the Windows Updates they should be installed.
     
    ---
     

    but otherwise seems to run unlimited and I need it for work anyway since using Notepad doesn't seem very professional...
    I use Notepad++ instead of Notepad from Windows.
     
    You can try it. 

    nasdaq

    #47 Himi

    Posted 03 November 2015 - 07:31 PM

    Okay, I'm back!

     

    The computer spent many hours today installing all the Windows Updates. When it finished (there were 209 or so), it told me that a few had failed, but they weren't selectable again in the update menu. Very odd. The only update I didn't install was the one which gives the Windows 10 switch. No idea if the failed updates are now there or not, but at any rate, there's nothing but that Windows 10 thing I can currently select to add. Right now, nothing has changed when it comes to the error messages and I get even more speech bubbles now, one about an "Intel ME FW Recovery Agent" doing something (these things vanish too fast, I swear).

     

    The Office program is not the viewer, I can make documents and all. It's just Windows and Excel, though. If they ever want me to pay, I can always switch, but really, it's exactly the same thing I have on my old computer and it's been on here for four years and it never bothered me. If that has changed with newer computers, I will know, but seeing as I'm used to Word and I don't want to explain to my employer why I'm suddenly using something else, I would prefer risking it and keeping this as long as possible. I will look into the Notepad++ stuff, though!

     

    I haven't removed all Windows Live components yet since I can't figure out how many there are and what exactly each one does... there's too much stuff. As in, I dunno if it's just the different language things or if there is more and all. So right now I haven't touched Windows Live things yet.

     

    I was not asked to activate Windows at any point. I didn't have to enter the serial number during the recovery process, either.

     

    The Windows Sidebar is still odd; I couldn't find anything even remotely similar to what's described in the link posted to turn it off, but after the Windows Updates, half the sidebar was gone. As in, it's now only half as tall. The Face Logon thing has finally disappeared, maybe the laptop finally caught on that I have uninstalled it several reboots ago...

     

    I definitely ran the FRST64 version, but to be sure I downloaded it again. No kidding, it doesn't say "Fix", it says "Delete". Just in German. Maybe it's the worst translation error in the world or something? Shall I try pressing that button (it's the rightmost one and a darker blue than the two in the middle) and hope it does what it is supposed to do and not what it says?

     

    Anyway, here's all the logs! I hope I didn't forget anything.

     

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 29.10.2015 21:34:51
    System Uptime: 03.11.2015 22:16:30 (3 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. |  | K95VM
    Processor: Intel® Core™ i5-3210M CPU @ 2.50GHz | SOCKET 0 | 2501/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 401 GiB total, 344,586 GiB free.
    D: is FIXED (NTFS) - 506 GiB total, 505,539 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: USB2.0-CRW
    Device ID: USB\VID_0BDA&PID_0129\20100201396000000
    Manufacturer:
    Name: USB2.0-CRW
    PNP Device ID: USB\VID_0BDA&PID_0129\20100201396000000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP36: 03.11.2015 19:03:19 - Windows Update
    .
    ==== Installed Programs ======================
    .
    ??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
    ???? ??? Windows Live
    ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
    ??????? Windows Live Mesh ActiveX ???
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X MUI
    ASUS AI Recovery
    ASUS Power4Gear Hybrid
    ASUS Splendid Video Enhancement Technology
    Atheros Bluetooth Suite (64)
    Avira Antivirus
    Avira Launcher
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    D3DX10
    ETDWare PS/2-X64 10.5.9.0
    Fast Boot
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    InstantOn for NB
    Intel® Manageability Engine Firmware Recovery Agent
    Intel® Management Engine Components
    Intel® OpenCL CPU Runtime
    Intel® Processor Graphics
    Intel® USB 3.0 eXtensible Host Controller Driver
    Intel® Trusted Connect Service Client
    Junk Mail filter update
    Mesh Runtime
    Microsoft .NET Framework 4.5.2
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Klick-und-Los 2010
    Microsoft Office Starter 2010 - Deutsch
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    NVIDIA Grafiktreiber 311.44
    NVIDIA Install Application
    NVIDIA Optimus 1.11.3
    NVIDIA PhysX
    NVIDIA Systemsteuerung 311.44
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    Qualcomm Atheros WiFi Driver Installation
    Raccolta foto di Windows Live
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    S?????? f?t???af??? t?? Windows Live
    SceneSwitch
    Shared C Run-time for x64
    St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Fotogalerie
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinFlash
    Wireless Console 3
    .
    ==== End Of File ===========================
     

    Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
    durchgeführt von Sheba (Administrator) auf HAKUGYOKUROU (04-11-2015 01:23:10)
    Gestartet von C:\Users\Sheba\Desktop\Neuer Ordner
    Geladene Profile: UpdatusUser & Sheba (Verfügbare Profile: UpdatusUser & Sheba)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
    Internet Explorer Version 11 (Standard-Browser: IE)
    Start-Modus: Normal
    Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Prozesse (Nicht auf der Ausnahmeliste) =================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\System32\LogonUI.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Nicht auf der Ausnahmeliste) ===========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Communications)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
    HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-05] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)

    ==================== Internet (Nicht auf der Ausnahmeliste) ====================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{82CB53FE-5D4E-42D0-8208-7770DDA827AA}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-892359256-2953846959-8072590-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
    HKU\S-1-5-21-892359256-2953846959-8072590-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
    HKU\S-1-5-21-892359256-2953846959-8072590-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
    HKU\S-1-5-21-892359256-2953846959-8072590-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-892359256-2953846959-8072590-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Sheba\AppData\Roaming\Mozilla\Firefox\Profiles\QBTBfUqI.default
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Keine Datei]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
    FF Extension: Avira Browser Safety - C:\Users\Sheba\AppData\Roaming\Mozilla\Firefox\Profiles\QBTBfUqI.default\Extensions\abs@avira.com [2015-10-31] [ist nicht signiert]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

    ==================== Dienste (Nicht auf der Ausnahmeliste) ========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-05] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-05] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-05] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-05] (Avira Operations GmbH & Co. KG)
    R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [Datei ist nicht signiert]
    R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [Datei ist nicht signiert]

    ===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

    S3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows ® Win 7 DDK provider)
    S3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-08] (Windows ® Win 7 DDK provider)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [163544 2015-10-05] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-10-05] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-10-05] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [74952 2015-10-05] (Avira Operations GmbH & Co. KG)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

    ==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


    ==================== Ein Monat: Erstellte Dateien und Ordner ========

    (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

    2015-11-04 01:22 - 2015-11-04 01:23 - 00000000 ____D C:\Users\Sheba\Desktop\Neuer Ordner
    2015-11-04 01:19 - 2015-11-04 01:19 - 00029429 _____ C:\Users\Sheba\Desktop\dds.txt
    2015-11-03 22:23 - 2015-11-03 22:23 - 00000000 ___RD C:\Users\Sheba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-11-03 22:22 - 2015-11-03 22:22 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
    2015-11-03 22:12 - 2015-11-03 22:12 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-11-03 22:12 - 2015-11-03 22:12 - 00000000 ____D C:\Windows\system32\appraiser
    2015-11-03 21:44 - 2015-11-03 21:46 - 00000000 ____D C:\Windows\system32\MRT
    2015-11-03 21:44 - 2015-10-02 12:09 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-11-03 21:43 - 2015-01-09 00:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
    2015-11-03 21:43 - 2015-01-09 00:43 - 00419936 _____ C:\Windows\system32\locale.nls
    2015-11-03 21:30 - 2015-07-30 14:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-11-03 21:30 - 2015-07-30 14:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-11-03 21:28 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
    2015-11-03 21:19 - 2015-11-03 21:19 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-11-03 21:19 - 2015-11-03 21:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-11-03 21:19 - 2015-11-03 21:19 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-11-03 21:19 - 2015-11-03 21:19 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-11-03 21:19 - 2015-11-03 21:19 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2015-11-03 21:19 - 2015-11-03 21:19 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2015-11-03 21:19 - 2015-11-03 21:19 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-11-03 21:19 - 2015-11-03 21:19 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-11-03 21:19 - 2015-11-03 21:19 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2015-11-03 21:19 - 2015-11-03 21:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2015-11-03 21:19 - 2015-11-03 21:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2015-11-03 21:19 - 2015-11-03 21:19 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2015-11-03 21:19 - 2015-11-03 21:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-11-03 21:12 - 2015-11-03 21:28 - 00014532 _____ C:\Windows\IE11_main.log
    2015-11-03 20:59 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2015-11-03 20:59 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2015-11-03 20:59 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2015-11-03 20:59 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2015-11-03 20:59 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2015-11-03 20:59 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2015-11-03 20:59 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2015-11-03 20:59 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-11-03 20:59 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2015-11-03 20:59 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2015-11-03 20:59 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-11-03 20:59 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2015-11-03 20:59 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2015-11-03 20:59 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-11-03 20:59 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-11-03 20:59 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2015-11-03 20:59 - 2013-10-01 21:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-11-03 20:59 - 2013-10-01 21:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-11-03 20:41 - 2015-11-03 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
    2015-11-03 20:16 - 2015-11-03 20:16 - 00000000 ____D C:\ProgramData\VirtualizedApplications
    2015-11-03 20:07 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-11-03 20:07 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2015-11-03 20:07 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
    2015-11-03 20:07 - 2012-08-23 14:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-11-03 20:07 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2015-11-03 20:07 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2015-11-03 20:07 - 2012-08-23 10:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-11-03 19:31 - 2012-07-26 04:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
    2015-11-03 19:31 - 2012-07-26 04:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
    2015-11-03 19:31 - 2012-07-26 04:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
    2015-11-03 19:31 - 2012-07-26 04:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
    2015-11-03 19:31 - 2012-07-26 04:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
    2015-11-03 19:31 - 2012-07-26 03:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
    2015-11-03 19:31 - 2012-07-26 03:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
    2015-11-03 19:31 - 2012-06-02 15:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2015-11-03 19:18 - 2013-01-13 22:17 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 22:17 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 22:16 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2015-11-03 19:18 - 2013-01-13 22:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2015-11-03 19:18 - 2013-01-13 22:11 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 21:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 21:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 21:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 21:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2015-11-03 19:18 - 2013-01-13 21:31 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-11-03 19:18 - 2013-01-13 21:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2015-11-03 19:18 - 2013-01-13 21:31 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 21:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 21:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2015-11-03 19:18 - 2013-01-13 21:22 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-11-03 19:18 - 2013-01-13 21:20 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2015-11-03 19:18 - 2013-01-13 21:09 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2015-11-03 19:18 - 2013-01-13 21:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2015-11-03 19:18 - 2013-01-13 20:59 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-11-03 19:18 - 2013-01-13 20:58 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-11-03 19:18 - 2013-01-13 20:54 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2015-11-03 19:18 - 2013-01-13 20:53 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
    2015-11-03 19:18 - 2013-01-13 20:53 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2015-11-03 19:18 - 2013-01-13 20:51 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-11-03 19:18 - 2013-01-13 20:49 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
    2015-11-03 19:18 - 2013-01-13 20:48 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2015-11-03 19:18 - 2013-01-13 20:46 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2015-11-03 19:18 - 2013-01-13 20:43 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-11-03 19:18 - 2013-01-13 20:38 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2015-11-03 19:18 - 2013-01-13 20:38 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2015-11-03 19:18 - 2013-01-13 20:37 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2015-11-03 19:18 - 2013-01-13 20:25 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
    2015-11-03 19:18 - 2013-01-13 20:24 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2015-11-03 19:18 - 2013-01-13 20:24 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
    2015-11-03 19:18 - 2013-01-13 20:20 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2015-11-03 19:18 - 2013-01-13 20:20 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2015-11-03 19:18 - 2013-01-13 20:15 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-11-03 19:18 - 2013-01-13 20:10 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2015-11-03 19:18 - 2013-01-13 20:02 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-11-03 19:18 - 2013-01-13 19:34 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2015-11-03 19:18 - 2013-01-13 19:32 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-11-03 19:18 - 2013-01-13 19:09 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
    2015-11-03 19:18 - 2013-01-13 18:26 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2015-11-03 19:18 - 2013-01-13 18:05 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
    2015-11-03 19:18 - 2013-01-04 07:11 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2015-11-03 19:18 - 2013-01-04 07:11 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2015-11-03 19:13 - 2012-03-01 07:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
    2015-11-03 19:13 - 2012-03-01 07:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
    2015-11-03 19:13 - 2012-03-01 06:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2015-11-03 19:03 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2015-11-03 19:03 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2015-11-03 19:03 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2015-11-03 19:03 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2015-11-03 19:03 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2015-11-03 19:03 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2015-11-03 19:03 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2015-11-03 19:03 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2015-11-03 19:01 - 2015-08-05 18:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-11-03 19:01 - 2015-08-05 18:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2015-11-03 19:01 - 2015-08-05 18:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2015-11-03 19:01 - 2015-07-15 19:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-11-03 19:01 - 2015-07-15 19:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2015-11-03 19:01 - 2015-07-15 19:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-11-03 19:01 - 2015-04-18 04:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-11-03 19:01 - 2015-04-18 03:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2015-11-03 19:00 - 2015-09-14 20:45 - 03210240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-11-03 19:00 - 2015-08-05 18:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-11-03 19:00 - 2015-08-05 18:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-11-03 19:00 - 2015-06-02 01:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-11-03 19:00 - 2015-06-02 00:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2015-11-03 19:00 - 2015-04-29 19:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-11-03 19:00 - 2015-04-29 19:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll


    #48 Budfred

    Budfred

      Malware Hound

    • Administrators
    • PipPipPipPipPip
    • 21,375 posts

    Posted 03 November 2015 - 11:00 PM

    When I was installing Win 7, I had to run Windows Update repeatedly to get it to finish all of the updates...  I just kept running Check for Updates and installed as many as possible...  If you end up with some which chronically fail, you can attempt a Windows Repair to see if that allows a full update...  You at least need the SP 1 update... 

     

    In Control Panel, go to System and look under Windows Activation - if it says that Windows is activated, you are okay...  If it doesn't, it will probably offer the option to do so and it would be good to do so...  It should also list the product key that you have on the computer...

     

    In Programs and Features - Turn Windows features on or off - check to see what is or isn't enabled...  Uncheck Windows Gadget Platform (which should turn off Sidebar)...  Check for anything that involves language to see if you are enabled to run languages you don't use...  When doing Windows Update, be careful to unselect and hide optional languages that you don't use...  Note if any programs in Programs and Features seem to be in other languages or activate languages that you don't use...  You can also go to Search in the Start menu and enter "language settings" - it should offer the option to "Install or uninstall display languages"... 

     

    You can choose to uninstall anything with Windows Live or Live in the name in Programs and Features...  You can also look in the Start Menu to see if there are any references to active Live programs...  If you find any there, see if there is an uninstall option... 

     

    I took a quick look at your logs and didn't see anything worrisome - we will wait to see what nasdaq finds...  Again, note any error issues in as much detail as possible...


    Budfred

    Helpful link: SpywareBlaster...

    MS MVP 2006 and ASAP Member since 2004

    Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

    #49 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,139 posts

    Posted 04 November 2015 - 09:24 AM

    now, one about a "Intel ME FW Recovery Agent" doing something (these things vanish too fast, I swear).
     
    Not sure but I do not believe that you need this, read about it.
     
    The following can be removed, or disable Bootstrap.exe via  MSCONFIG.
     
    Task: {50C445F5-63C7-4307-A2BA-3FD175178DC3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: {9DA4301C-41FD-45F3-B120-F203416BCBE0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
    Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
     
    I submit this article for your reading.
     
    Budfred may have some views on it.
    ===
     

    No kidding, it doesn't say "Fix", it says "Delete". Just in German. Maybe it's the worst translation error in the world or something? Shall I try pressing that button (it's the rightmost one and a darker blue than the two in the middle) and hope it does what it is supposed to do and not what it says?
    It's set by the owner of the tool. He probably used Delete in the German version. Click it and post the log that will be created.
     
    p.s.
    If still having problems with the Windows Sidebar/Gadgets we can use the Tweaking.com - Windows Repair tool to fix it.
    I will give you the instructions if needed.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in any way, please consider Donating,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760
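Added example (not part of the original posts and not FRST's own code): a small Python parser for the four `Task:` lines quoted in post #49, grouping them by target executable and task name. The function names and store labels are this example's own; the sample lines are copied from the post.

```python
import ntpath
import re
from collections import defaultdict

# The four "Task:" lines quoted in post #49 (FRST scan output).
FRST_TASK_LINES = r"""
Task: {50C445F5-63C7-4307-A2BA-3FD175178DC3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {9DA4301C-41FD-45F3-B120-F203416BCBE0} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
"""

# Two shapes appear in the log:
#   Task: {GUID} - System32\Tasks\<name> => <exe> [date] (company)
#   Task: C:\Windows\Tasks\<name>.job    => <exe>
# The target is matched lazily so "(x86)" inside the path is not
# mistaken for the trailing "(company)" field.
TASK_RE = re.compile(
    r"^Task:\s+"
    r"(?:\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+)?"
    r"(?P<task>.+?)\s+=>\s+"
    r"(?P<target>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<company>[^()]*)\))?\s*$"
)


def parse_task_line(line):
    """Return a dict for one FRST 'Task:' line, or None if it is not one."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    task = m.group("task")
    legacy = task.lower().endswith(".job")
    name = ntpath.basename(task)          # Windows path rules on any OS
    if legacy:
        name = name[:-len(".job")]
    return {
        "guid": m.group("guid"),
        # Labels chosen for this example: Task Scheduler keeps XML task
        # definitions under System32\Tasks; *.job is the older format.
        "store": "legacy .job file" if legacy else "Task Scheduler XML",
        "name": name,
        "target": m.group("target"),
        "date": m.group("date"),          # bracketed date as printed by FRST
        "company": m.group("company"),
    }


def group_by_target(text):
    """Map target executable -> task name -> stores the task appears in."""
    groups = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        entry = parse_task_line(line)
        if entry:
            # Windows paths are case-insensitive, so fold case for the key.
            groups[entry["target"].lower()][entry["name"]].add(entry["store"])
    return {
        target: {name: sorted(stores) for name, stores in names.items()}
        for target, names in groups.items()
    }


if __name__ == "__main__":
    for target, names in group_by_target(FRST_TASK_LINES).items():
        print(target)
        for name, stores in sorted(names.items()):
            print("   ", name, "->", ", ".join(stores))
```

Run on these lines it reports one executable behind two task names, each present both under System32\Tasks and as a legacy .job file. Entries of this kind are viewed and disabled in Task Scheduler (taskschd.msc).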

    #50 Himi

    Himi

      Advanced Member

    • Full Member
    • PipPipPip
    • 145 posts

    Posted 04 November 2015 - 03:08 PM

    Getting somewhere, I hope!

    - Having Windows check for Updates again indeed did the trick and it found 22 more. I don't know if the formerly-failed ones are in the batch, though. The 22 new ones all installed correctly. In the "System" section, it says I'm on SP 1.

    - It also says Windows is activated! And it does list a product ID, but I can't find it anywhere on my computer (on any of the stickers) or the packaging...

    - I have definitely the correct section, but there is absolutely nothing even resembling the name "Windows Gadget Platform". The only things there with the word 'Windows' in their name are "Windows Search" (which is activated), "Windows-Prozessaktivierungsdienst" (roughly translated to process activation service) and "Windows-TIFF-IFilter". But the sidebar seems to have vanished now anyway, so maybe all is good? Or is it bad that the section doesn't even exist?

    - I deinstalled all the Windows Live things now and my installed program list is now down to 37 programs, which already looks much more manageable and less chaotic. I hope I got all of the Windows Live stuff, there were more than 10 things to uninstall...

    - At the current time, I get the following annoying messages and problems. Finally sat down and rebooted a few times to catch them all and write down the exact wording:
    1) Upon boot, error message: "You have to install ATK0100 driver" (header of the message says "ATK0100 request"). This is not translated, it's an English message.
    2) Upon boot, error message: "This program can only be executed on the ASUS computer" (header of the message says "P4G"). Another English message, no translation here.
    3) Upon boot, speech bubble which appears and disappears around 5-6 times: "Bluetooth-Information: Bluetooth local radio cannot be found by others". This appears in German, so my translation may be off.
    4) I have in the device manager an exclamation mark under "other devices". It's labeled "USB2.0-CRW". Letting Windows search for driver updates online has no result. This definitely was not there directly after the installation of Windows and I do remember saying something about a failed USB driver speech bubble after I deinstalled the first programs, so it probably appeared around then.

    - I didn't get the "Intel ME FW Recovery Agent" speech bubble again (so far), but admit that the articles provided kind of brought me to the limit of my English, so I didn't really understand them well. I looked in MSCONFIG, but couldn't find the word "Bootstrap.exe" in any of the sections. Not really sure where to find the bolded things and how to remove them. Sorry if I don't understand the instructions!

    - Here is the Fixlog! I really hope everything there went as intended, the reboot after pressing that delete button took forever.

     

    Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:31-10-2015
    durchgeführt von Sheba (2015-11-04 21:00:57) Run:1
    Gestartet von C:\Users\Sheba\Desktop\Neuer Ordner
    Geladene Profile: UpdatusUser & Sheba (Verfügbare Profile: UpdatusUser & Sheba)
    Start-Modus: Normal
    ==============================================

    fixlist Inhalt:
    *****************
    start
     
    EmptyTemp:
    CloseProcesses:
     
    FF Extension: Avira Browser Safety - C:\Users\Sheba\AppData\Roaming\Mozilla\Firefox\Profiles\QBTBfUqI.default\Extensions\abs@avira.com [2015-10-31] [ist nicht signiert]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
     
    End
    *****************

    Prozess erfolgreich geschlossen.
    C:\Users\Sheba\AppData\Roaming\Mozilla\Firefox\Profiles\QBTBfUqI.default\Extensions\abs@avira.com [2015-10-31] => nicht gefunden.
    FF Extension: Avira Browser Safety - C:\Users\Sheba\AppData\Roaming\Mozilla\Firefox\Profiles\QBTBfUqI.default\Extensions\abs@avira.com [2015-10-31] [ist nicht signiert] => nicht gefunden
    "HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Schlüssel erfolgreich entfernt
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Schlüssel erfolgreich entfernt
    EmptyTemp: => 749 MB temporäre Dateien entfernt.


    Das System musste neu gestartet werden.

    ==== Ende von Fixlog 21:01:05 ====





