
xfreeservice.com and desk 365 runasstduser


  • This topic is locked
91 replies to this topic

#1 raror

raror

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 PM

Posted 05 January 2015 - 03:47 PM

I just found out about two Firefox addons that are most likely viruses, that I used to have installed months or more than a year ago:

https://addons.mozilla.org/de/firefox/addon/youtube-unblocker

and

https://addons.mozilla.org/en-us/firefox/addon/flash-video-downloader/?src=ss

 

I know for a fact that the first one is still giving me issues, even though they've been uninstalled from Firefox a long time ago.

 

This person explains some of it here:

 

https://addons.mozilla.org/de/firefox/addon/youtube-unblocker/reviews/622150/

 

Basically what happened was I was looking at this one page trying to figure out how to revoke all the permissions that I accidentally allowed on it a few months ago (using the NoScript Firefox addon). I looked at this allowed script called xfreeservice.com, and I thought it was a suspicious name so I blocked it.

 

Now blocking scripts manually (and maybe allowing scripts as well) with NoScript causes all my tabs to start loading up at the same time for some reason and Firefox to crash (I haven't tried it very many times since then, but it did start happening maybe a few months ago. I haven't found a solution to that, but of course it happened again when I did it with this xfreeservice.com thing.)

 

Anyway, the interesting thing that happened was that this same script reappeared on YouTube and a few other sites as a blocked script, which made no sense. I didn't understand how this script could be used on so many disconnected pages, so I googled it and this showed up: https://addons.mozilla.org/de/firefox/addon/youtube-unblocker/reviews/622150/

 

Anyway, now I'm looking for a way to get rid of this pest.

#2 raror

raror
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 PM

Posted 05 January 2015 - 04:03 PM

Another, although possibly unrelated, issue is that I do use AdwCleaner scans from time to time, and this is the latest scan with a Desk 365 issue.

 

Also, every time I do a scan AdwCleaner has an issue with Firefox's pref.js file. I don't know what it is; a few times I've deleted it but it keeps coming back? And I'd rather not touch anything browser related, because I think I did that once and it deleted all my search engines.

# AdwCleaner v4.106 - Report created 05/01/2015 at 22:56:50
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : nazanda - NAZANDA-PC
# Running from : F:\adware malware spyware\best\adwcleaner_4.106.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Found : C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\user.js
File Found : C:\Users\Public\Desktop\GeekBuddy.lnk
File Found : C:\Users\Public\Desktop\GeekBuddy.lnk
Folder Found : C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

***** [ Scheduled Tasks ] *****

Task Found : Desk 365 RunAsStdUser

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[4hz6f8cz.default] - Line Found : user_pref("browser.search.hiddenOneOffs", "MarketWatch,Twitter,Search IM,About.com,Amazon.com,reddit.com: search results,Amazon Search Suggestions,lifehacker,[...]

-\\ Google Chrome v28.0.1500.72

[C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
[C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : geggofhlfbcmanadhknllmlajiafopoh

*************************

AdwCleaner[R20].txt - [2071 octets] - [25/12/2014 06:00:42]
AdwCleaner[R21].txt - [3068 octets] - [27/12/2014 03:05:21]
AdwCleaner[R22].txt - [2984 octets] - [27/12/2014 03:40:03]
AdwCleaner[R23].txt - [2904 octets] - [27/12/2014 03:46:19]
AdwCleaner[R24].txt - [3062 octets] - [27/12/2014 16:01:06]
AdwCleaner[R25].txt - [6186 octets] - [27/12/2014 16:02:49]
AdwCleaner[R26].txt - [3031 octets] - [05/01/2015 22:56:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R26].txt - [3092 octets] ##########
 


Edited by raror, 05 January 2015 - 07:08 PM.
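The items AdwCleaner lists above (the "Desk 365 RunAsStdUser" task, the Conduit keys, the Chrome extension lifbcibllhkdhoafpjfnlhfpfgnpldfl and the Firefox user.js) are the things a helper would want re-checked after any cleanup run. The script below is an added example for that purpose; it is not code from this thread, from AdwCleaner or from FRST. It is read-only (it reports and removes nothing), it rebuilds paths from the current user's environment variables instead of the C:\Users\nazanda paths in the log (so the profile name is an assumption, any *.default Firefox profile is checked), it queries the task with schtasks.exe because Get-ScheduledTask does not exist on Windows 7, and it needs PowerShell 3.0 or later run from an elevated prompt so the HKLM keys are readable. It also reports the HKLM\SOFTWARE\Policies\Google key that the FRST log in the following post marks as a policy restriction.

```powershell
# Added example, not part of the thread or of AdwCleaner/FRST: re-check the artifacts
# AdwCleaner reported in the post above. Read-only: it reports, it removes nothing.
# Assumptions: current user's profile ($env:APPDATA / $env:LOCALAPPDATA, not the
# hard-coded C:\Users\nazanda paths in the log), any *.default Firefox profile,
# PowerShell 3.0+ in an elevated session.

function Get-AdwArtifactStatus {
    $findings = New-Object System.Collections.Generic.List[object]
    $add = {
        param($Kind, $Item, $Present)
        $findings.Add([pscustomobject]@{ Kind = $Kind; Item = $Item; Present = [bool]$Present })
    }

    # 1. Scheduled task "Desk 365 RunAsStdUser". schtasks.exe is used because
    #    Get-ScheduledTask is not available on Windows 7 (the OS in the log).
    #    /FO CSV repeats its header row per task folder; the -like filter skips those rows.
    $tasks = schtasks.exe /Query /FO CSV 2>$null | ConvertFrom-Csv
    $desk365 = @($tasks | Where-Object { $_.TaskName -like '*Desk 365 RunAsStdUser*' })
    & $add 'ScheduledTask' 'Desk 365 RunAsStdUser' ($desk365.Count -gt 0)

    # 2. Registry keys from the [ Registry ] section. The native 64-bit view and the
    #    32-bit view under Wow6432Node are both checked, matching the [x64] lines.
    $regKeys = @(
        'HKCU:\Software\Conduit',
        'HKLM:\SOFTWARE\Conduit',
        'HKLM:\SOFTWARE\Wow6432Node\Conduit',
        'HKLM:\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl',
        'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl'
    )
    foreach ($key in $regKeys) {
        & $add 'RegistryKey' $key (Test-Path -LiteralPath $key)
    }

    # 3. Chrome extension folder for the same extension ID.
    $chromeExt = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl'
    & $add 'ChromeExtensionFolder' $chromeExt (Test-Path -LiteralPath $chromeExt)

    # 4. Firefox user.js in every profile. user.js is re-applied to prefs.js on each
    #    Firefox start, so settings written there survive edits made to prefs.js.
    $profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path -LiteralPath $profileRoot) {
        foreach ($profile in Get-ChildItem -LiteralPath $profileRoot -Directory) {
            $userJs = Join-Path $profile.FullName 'user.js'
            & $add 'FirefoxUserJs' $userJs (Test-Path -LiteralPath $userJs)
        }
    }

    # 5. Chrome policy key that FRST marks "Policy restriction <======= ATTENTION" in the
    #    next post. Values here override the user's own Chrome settings, so list them.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Google'
    & $add 'ChromePolicyKey' $policyKey (Test-Path -LiteralPath $policyKey)
    if (Test-Path -LiteralPath $policyKey) {
        $keys = @(Get-Item -LiteralPath $policyKey) + @(Get-ChildItem -LiteralPath $policyKey -Recurse)
        foreach ($subKey in $keys) {
            foreach ($name in $subKey.GetValueNames()) {
                & $add 'ChromePolicyValue' "$($subKey.Name)\$name = $($subKey.GetValue($name))" $true
            }
        }
    }

    return $findings
}

# Usage: print every check, then a one-line summary of what is still present.
$result = Get-AdwArtifactStatus
$result | Format-Table -AutoSize
$present = @($result | Where-Object { $_.Present }).Count
"Present: $present of $($result.Count) checked artifacts"
```

A "Present" row after a cleanup pass means the artifact was recreated or never removed; the user.js and scheduled-task rows are the ones to watch, because both re-apply their settings on every start without needing the original installer.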


#3 raror

raror
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 PM

Posted 05 January 2015 - 04:54 PM

I also read a little bit of these two threads:
http://www.bleepingcomputer.com/forums/t/562172/infected-with-astromenda-and-conduit/
http://www.bleepingcomputer.com/forums/t/503065/i-think-im-infected-by-desk365/
 
So I thought I would do a Farbar scan as well, because I have had this Conduit detection for some time now, which AdwCleaner and a few of the other programs apparently aren't getting rid of, even though I've deleted it before.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015
Ran by nazanda (administrator) on NAZANDA-PC on 05-01-2015 23:28:14
Running from F:\firefox downloads\firefox 01 22 2014
Loaded Profiles: nazanda & postgres (Available profiles: nazanda & postgres & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Safer-Networking Ltd.) D:\C programs extention\Spybot - Search & Destroy 2\SDFSSvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Safer-Networking Ltd.) D:\C programs extention\Spybot - Search & Destroy 2\SDUpdSvc.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
() C:\Program Files\Synergy\synergyd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\GLOBUL Connection Manager\AssistantServices.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) D:\C programs extention\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Sonix) C:\Windows\vsnp2std.exe
(IVONA Software Sp. z o.o.) C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe
(BitTorrent Inc.) C:\Users\nazanda\AppData\Roaming\uTorrent\uTorrent.exe
(Azureus Software, Inc) C:\Program Files (x86)\Vuze\Azureus.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Twitter) C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
() C:\Program Files (x86)\GLOBUL Connection Manager\UIExec.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Twitter) C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) D:\C programs extention\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) D:\C programs extention\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) D:\C programs extention\AMD\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Twitter) C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(AB Team) C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [snp2std] => C:\Windows\vsnp2std.exe [675840 2006-09-15] (Sonix)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3164536 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-09] (VIA)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [UIExec] => C:\Program Files (x86)\GLOBUL Connection Manager\UIExec.exe [153424 2011-08-15] ()
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-06-18] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5524336 2013-06-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => D:\C programs extention\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => D:\C programs extention\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [CPN Notifier] => C:\Program Files (x86)\Lock Poker\PokerNotifier.exe
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [IVONA ControlCenter] => C:\Program Files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe [2172864 2012-11-07] (IVONA Software Sp. z o.o.)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [uTorrent] => C:\Users\nazanda\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-13] (BitTorrent Inc.)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Azureus] => C:\Program Files (x86)\Vuze\Azureus.exe [271160 2014-08-12] (Azureus Software, Inc)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Google Update] => C:\Users\nazanda\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-09] (Google Inc.)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1329408 2014-11-28] (Bogdan Sharkov)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Run: [PeerBlock] => D:\C programs extention\PeerBlock\peerblock.exe [2513992 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1002\...\Run: [uTorrent] => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1315861483-2587834430-1896926071-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1315861483-2587834430-1896926071-1002\...\Run: [CPN Notifier] => C:\Program Files (x86)\Lock Poker\PokerNotifier.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\new youtube acc.txt - Shortcut.lnk
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\peerblock.exe - Shortcut.lnk
ShortcutTarget: peerblock.exe - Shortcut.lnk -> D:\C programs extention\PeerBlock\peerblock.exe (PeerBlock, LLC)
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\probni bookmarkove (delete if you want) - Shortcut.lnk
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Shortcut.lnk
ShortcutTarget: thunderbird.exe - Shortcut.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TweetDeck.lnk
ShortcutTarget: TweetDeck.lnk -> C:\Program Files (x86)\Twitter\TweetDeck\TweetDeck.exe (Twitter)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1315861483-2587834430-1896926071-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000 -> {3AF6CBF3-2BDB-4E3E-BD41-40093B21ECE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10583
SearchScopes: HKU\S-1-5-21-1315861483-2587834430-1896926071-1002 -> {3AF6CBF3-2BDB-4E3E-BD41-40093B21ECE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10583
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVONA Software Sp. z o.o.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: FGCatchUrl -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: IVONA Reader -> {8664889D-ED18-4713-918F-E2BB69D8452B} -> C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: FlashGet GetFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2_x64.dll (IVONA Software Sp. z o.o.)
Toolbar: HKLM-x32 - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 93.152.178.254 93.152.160.5

FireFox:
========
FF ProfilePath: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @citrixonline.com/appdetectorplugin -> C:\Users\nazanda\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\nazanda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @talk.google.com/O1DPlugin -> C:\Users\nazanda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @talk.google.com/O3DPlugin -> C:\Users\nazanda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @tools.google.com/Google Update;version=3 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @tools.google.com/Google Update;version=9 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1315861483-2587834430-1896926071-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\nazanda\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF user.js: detected! => C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\nazanda\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\nazanda\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\nazanda\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\aboutcom.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\amazon-search-suggestions.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\apple-wallet-news---google-.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\bitsnoop-p2p-search---217-million-valid-torrents.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\download-music-movies-games-software-the-pirate-bay---the-ga.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\facebook-search.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\finviz.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\firefox-.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\firefox-add-ons.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\google-.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\images---google-.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\international-business-machines-corp-nyseibm-quotes--news---.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\introducing-your-trading-search-engine.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\investopedia.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\lifehacker.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\marketwatch.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\php-manual.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\quotes--info--yahoo-finance.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\redditcom-search-results.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\search---can-i-make-money---quora.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\search-im.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\thegeeks--browse.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\thevault--browse.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\torrent-search---veoble.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\urban-dictionary.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\youtube-video-search.xml
FF SearchPlugin: C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\searchplugins\zelkaorg.xml
FF Extension: CLEO - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\CLEO@guid.customsoftwareconsult.com [2014-09-01]
FF Extension: Form History Control - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\formhistory@yahoo.com [2014-09-28]
FF Extension: Xmarks - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\foxmarks@kei.com [2014-11-23]
FF Extension: DOM Inspector - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\inspector@mozilla.org [2014-12-17]
FF Extension: FEBE - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2014-12-08]
FF Extension: ChatZilla - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2014-12-21]
FF Extension: FireFTP - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2014-10-15]
FF Extension: Password Exporter - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492} [2013-07-12]
FF Extension: DownloadHelper - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-07]
FF Extension: Flash and Video Download - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-12-08]
FF Extension: about:me - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\aboutme@test.mozilla.com.xpi [2015-01-04]
FF Extension: ABV Notifier - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\abvnotifier@netinfo.bg.xpi [2013-09-30]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-15]
FF Extension: Add to Search Bar - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2014-01-03]
FF Extension: Tab Badge - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\badge@darktrojan.net.xpi [2015-01-03]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\elemhidehelper@adblockplus.org.xpi [2013-11-23]
FF Extension: Hide My Ass Proxy Extension - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\extension@hidemyass.com.xpi [2014-12-12]
FF Extension: Feed Sidebar - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\feedbar@efinke.com.xpi [2014-07-07]
FF Extension: Firebug - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\firebug@software.joehewitt.com.xpi [2013-10-11]
FF Extension: Autofill - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\firefox-autofill@googlegroups.com.xpi [2013-07-12]
FF Extension: Google Floating Search Panel - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\floatingpanel@everhelper.me.xpi [2015-01-03]
FF Extension: Imgur Uploader - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\giorgio@gilestro.tk.xpi [2013-07-12]
FF Extension: Greasefire - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\greasefire@skrul.com.xpi [2013-10-15]
FF Extension: InspectThis - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\inspectthis@mackay.dyndns.info.xpi [2014-05-04]
FF Extension: Integrated Google Calendar - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\intgcal@egarracingteam.com.ar.xpi [2014-12-30]
FF Extension: Bitcoin Price Ticker - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid0-ziK34XHkBWB9ezxd4l9Q1yC7RP0@jetpack.xpi [2013-11-18]
FF Extension: Youtube Subscriptions Grid - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid1-PmCaAQKMFABjHg@jetpack.xpi [2013-10-03]
FF Extension: "Manage search engines" button - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid1-XGhxOf1M8UPpsQ@jetpack.xpi [2015-01-02]
FF Extension: Reddit Enhancement Suite - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2013-11-22]
FF Extension: Tabs Counter - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\jid1-z4HxJN5IfdzuoA@jetpack.xpi [2014-09-02]
FF Extension: Google Similar Images - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\nishan.naseer.googimagesearch@gmail.com.xpi [2014-09-08]
FF Extension: OPIE - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\OPIE@guid.customsoftwareconsult.com.xpi [2014-09-01]
FF Extension: Saved Password Editor - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\savedpasswordeditor@daniel.dawson.xpi [2013-07-12]
FF Extension: Save My Tabs - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\savemytabs@dmitriy.khudorozhkov.xpi [2014-09-01]
FF Extension: Simple Clocks - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\simpleClocks@grbradt.org.xpi [2014-06-13]
FF Extension: Stacked Inspector - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\stackedinspector@example.com.xpi [2014-05-04]
FF Extension: Stock Research - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\stockResearch@stock.research.xpi [2014-08-31]
FF Extension: The Addon Bar (restored) - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2014-05-04]
FF Extension: Thumbnail Zoom Plus - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-07-12]
FF Extension: Trader.bg - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\traderbg@jetpack.xpi [2013-07-12]
FF Extension: Tree Style Tab - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2014-12-31]
FF Extension: Resurrect Pages - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2013-11-10]
FF Extension: Session Manager - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-19]
FF Extension: TweakMDB - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{15a82062-5139-4855-9706-130a8a4be80c}.xpi [2013-07-12]
FF Extension: FlashGot - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-01-03]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-07-12]
FF Extension: X-notifier - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2014-09-05]
FF Extension: New tab toolbar button - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{42975993-6fa0-46f5-a45f-706915f18ebf}.xpi [2015-01-02]
FF Extension: Stylish - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-12-10]
FF Extension: Send Tab URLs - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{4aebcd37-f454-4928-9233-174a026ed367}.xpi [2014-08-10]
FF Extension: youtubecustomhomepage - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{52db74c9-f566-42f2-9cb0-e72dd97f916d}.xpi [2013-07-12]
FF Extension: Download Status Bar - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2015-01-02]
FF Extension: NoScript - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-09]
FF Extension: More Tools Menu - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{9a7a67d3-3048-47fb-acde-d0f7ae51f86a}.xpi [2015-01-04]
FF Extension: Web Developer - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-10-12]
FF Extension: Adblock Plus - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-12]
FF Extension: StockFox - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{d39a0050-191f-11df-8a39-0800200c9a66}.xpi [2013-12-19]
FF Extension: Stock Market Quotes - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{d6b1e3fb-682a-402e-b4d4-9b8029d88314}.xpi [2014-08-31]
FF Extension: Greasemonkey - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-12]
FF Extension: Menu Editor - C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-07-12]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-17]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-28]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Profile: C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype Click to Call) - C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-21] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S4 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2013-07-24] (Comodo Security Solutions Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-05-30] (Comodo Security Solutions, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 SDScannerService; D:\C programs extention\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\C programs extention\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; D:\C programs extention\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Synergy; C:\Program Files\Synergy\synergyd.exe [292352 2014-02-17] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 UI Assistant Service; C:\Program Files (x86)\GLOBUL Connection Manager\AssistantServices.exe [270672 2011-08-15] ()
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-11-11] (VIA Technologies, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-06-19] (Western Digital Technologies, Inc.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-06-18] (Western Digital Technologies, Inc.)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
R2 postgresql-8.4; c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-12-16] (DT Soft Ltd)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [165360 2014-07-21] (Windows ® Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12323072 2007-01-26] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-08-13] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [79872 2011-06-01] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [14336 2011-06-01] (ZTE)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 23:26 - 2015-01-05 23:28 - 00000000 ____D () C:\FRST
2015-01-05 16:08 - 2015-01-05 16:08 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-01-05 15:59 - 2015-01-05 18:25 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-05 15:59 - 2015-01-05 18:25 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-05 00:08 - 2015-01-05 11:25 - 00000000 ____D () C:\Program Files (x86)\OkayFreedom
2015-01-04 14:17 - 2015-01-04 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compare It!
2015-01-03 10:05 - 2015-01-03 10:05 - 00000038 ___SH () C:\Users\nazanda\AppData\Local\19586887405102195a546766.13213362
2015-01-03 10:05 - 2015-01-03 10:05 - 00000000 __SHD () C:\Users\nazanda\AppData\Local\icsxml
2015-01-03 10:05 - 2015-01-03 10:05 - 00000000 __SHD () C:\ProgramData\icsxml
2015-01-03 10:05 - 2015-01-03 10:05 - 00000000 __SHD () C:\ProgramData\DIBsection
2015-01-03 09:58 - 2015-01-03 09:58 - 00000744 _____ () C:\Users\nazanda\Desktop\AssetManage Enterprise 15.0.lnk
2015-01-03 09:58 - 2015-01-03 09:58 - 00000744 _____ () C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\AssetManage Enterprise 15.0.lnk
2015-01-03 09:58 - 2015-01-03 09:58 - 00000000 ____D () C:\Windows\AssetManage Enterprise
2015-01-03 09:58 - 2015-01-03 09:58 - 00000000 ____D () C:\Users\nazanda\Documents\AssetManage Enterprise
2015-01-03 09:58 - 2015-01-03 09:58 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AssetManage Enterprise
2015-01-02 09:57 - 2015-01-02 16:19 - 00000000 ____D () C:\Users\nazanda\Documents\Outlook Files
2015-01-02 08:43 - 2015-01-02 10:47 - 00065536 _____ () C:\Windows\system32\sxstrace.etl
2014-12-31 14:22 - 2014-12-31 14:23 - 00000000 ____D () C:\Windows\rescache
2014-12-31 04:56 - 2014-12-31 04:56 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-30 16:14 - 2014-12-13 07:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-30 16:14 - 2014-12-13 05:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-29 16:42 - 2014-12-29 16:42 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-29 12:21 - 2014-12-29 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
2014-12-29 08:20 - 2014-12-04 04:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-29 08:20 - 2014-12-04 04:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-29 08:20 - 2014-12-04 04:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-29 08:20 - 2014-12-04 04:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-29 08:20 - 2014-12-04 04:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-29 08:20 - 2014-12-04 04:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-29 08:20 - 2014-12-04 04:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-29 08:20 - 2014-12-02 01:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-29 08:19 - 2014-11-27 03:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-29 08:19 - 2014-11-27 03:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-29 08:19 - 2014-11-22 05:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-29 08:19 - 2014-11-22 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-29 08:19 - 2014-11-22 05:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-29 08:19 - 2014-11-22 04:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-29 08:19 - 2014-11-22 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-29 08:19 - 2014-11-22 04:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-29 08:19 - 2014-11-22 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-29 08:19 - 2014-11-22 04:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-29 08:19 - 2014-11-22 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-29 08:19 - 2014-11-22 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-29 08:19 - 2014-11-22 04:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-29 08:19 - 2014-11-22 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-29 08:19 - 2014-11-22 04:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-29 08:19 - 2014-11-22 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-29 08:19 - 2014-11-22 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-29 08:19 - 2014-11-22 04:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-29 08:19 - 2014-11-22 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-29 08:19 - 2014-11-22 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-29 08:19 - 2014-11-22 04:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-29 08:19 - 2014-11-22 04:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-29 08:19 - 2014-11-22 04:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-29 08:19 - 2014-11-22 04:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-29 08:19 - 2014-11-22 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-29 08:19 - 2014-11-22 04:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-29 08:19 - 2014-11-22 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-29 08:19 - 2014-11-22 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-29 08:19 - 2014-11-22 04:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-29 08:19 - 2014-11-22 03:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-29 08:19 - 2014-11-22 03:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-29 08:19 - 2014-11-22 03:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-29 08:19 - 2014-11-22 03:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-29 08:19 - 2014-11-22 03:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-29 08:19 - 2014-11-22 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-29 08:19 - 2014-11-22 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-29 08:19 - 2014-11-22 03:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-29 08:19 - 2014-11-22 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-29 08:19 - 2014-11-22 03:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-29 08:19 - 2014-11-22 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-29 08:19 - 2014-11-22 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-29 08:19 - 2014-11-22 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-29 08:19 - 2014-11-22 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-29 08:19 - 2014-11-22 03:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-29 08:19 - 2014-11-22 03:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-29 08:19 - 2014-11-22 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-29 08:19 - 2014-11-22 03:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-29 08:19 - 2014-11-22 03:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-29 08:19 - 2014-11-22 03:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-29 08:19 - 2014-11-22 03:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-29 08:19 - 2014-11-22 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-29 08:19 - 2014-11-22 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-29 08:19 - 2014-11-22 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-29 08:19 - 2014-11-22 02:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-29 08:19 - 2014-06-19 00:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-29 08:19 - 2014-06-19 00:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-29 08:19 - 2014-06-19 00:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-29 08:19 - 2014-06-19 00:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-29 08:19 - 2014-06-19 00:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-29 08:19 - 2014-06-19 00:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-28 12:48 - 2015-01-05 16:01 - 00001848 _____ () C:\Windows\setupact.log
2014-12-28 12:48 - 2014-12-28 12:48 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-28 12:47 - 2015-01-05 15:24 - 00006620 _____ () C:\Windows\PFRO.log
2014-12-28 12:30 - 2014-12-28 12:30 - 00000989 _____ () C:\Users\Public\Desktop\UnCleaner.lnk
2014-12-28 12:30 - 2014-12-28 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\UnCleaner
2014-12-28 12:30 - 2014-12-28 12:30 - 00000000 ____D () C:\Program Files\UnCleaner
2014-12-27 13:27 - 2014-12-27 13:27 - 00012371 _____ () C:\Users\nazanda\Desktop\troubleshooting data.txt
2014-12-27 11:32 - 2015-01-05 16:00 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-12-27 11:24 - 2014-12-27 11:24 - 00262144 _____ () C:\Windows\system32\config\elam
2014-12-27 10:01 - 2014-12-27 10:03 - 00000241 _____ () C:\Users\nazanda\Desktop\d drive.txt
2014-12-27 06:47 - 2014-12-27 16:43 - 00006410 _____ () C:\Users\nazanda\Desktop\kasperski.txt
2014-12-27 05:23 - 2014-12-27 05:23 - 00001059 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-27 05:23 - 2014-12-27 05:23 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-27 05:23 - 2014-12-27 05:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-27 05:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-27 05:05 - 2014-12-27 12:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-27 05:03 - 2014-12-27 05:03 - 00000085 _____ () C:\Windows\wininit.ini
2014-12-25 07:38 - 2014-12-25 07:38 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-25 07:38 - 2014-12-25 07:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-25 07:13 - 2014-10-18 04:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-25 07:13 - 2014-10-18 03:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-25 07:13 - 2014-07-07 04:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-25 07:13 - 2014-07-07 04:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-25 07:13 - 2014-07-07 04:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-25 07:13 - 2014-07-07 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-25 07:13 - 2014-07-07 03:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-25 07:13 - 2014-07-07 03:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-25 07:13 - 2014-07-07 03:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-25 07:13 - 2014-07-07 03:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-25 07:12 - 2014-12-25 07:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2014-12-25 07:11 - 2014-11-11 05:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-25 07:11 - 2014-11-11 04:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-25 07:11 - 2014-11-11 03:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-25 07:11 - 2014-11-08 05:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-25 07:11 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-25 07:11 - 2014-10-03 04:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-25 07:11 - 2014-10-03 04:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-25 07:11 - 2014-10-03 04:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-25 07:11 - 2014-10-03 04:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-25 07:11 - 2014-10-03 04:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-25 07:11 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-25 07:11 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-25 07:11 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-25 07:11 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-25 07:11 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-25 07:10 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-25 07:10 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-25 06:48 - 2014-12-25 06:48 - 00003212 _____ () C:\Windows\System32\Tasks\{C72B4C42-5F25-4AA7-98D7-DA3529824E33}
2014-12-25 06:17 - 2014-12-25 06:17 - 00000763 _____ () C:\Users\nazanda\Desktop\RKreport[0]_DN_12252014_061701.txt
2014-12-25 06:16 - 2014-12-25 06:16 - 00002872 _____ () C:\Users\nazanda\Desktop\RKreport[0]_D_12252014_061654.txt
2014-12-25 06:14 - 2014-12-25 06:14 - 00002742 _____ () C:\Users\nazanda\Desktop\RKreport[0]_S_12252014_061450.txt
2014-12-23 07:18 - 2014-12-23 07:18 - 00000000 ____D () C:\Users\nazanda\AppData\Local\tweetdeckbytwitter-e94bb33e3aa669cef24d6426e26382fc
2014-12-23 07:17 - 2014-12-23 07:18 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\tweetdeckbytwitter-e94bb33e3aa669cef24d6426e26382fc
2014-12-23 07:17 - 2014-12-23 07:17 - 00002333 _____ () C:\Users\nazanda\Desktop\TweetDeck by Twitter.lnk
2014-12-23 07:17 - 2014-12-23 07:17 - 00002333 _____ () C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TweetDeck by Twitter.lnk
2014-12-16 19:40 - 2014-12-16 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2014-12-14 23:18 - 2014-12-14 23:18 - 00000000 ____D () C:\Users\nazanda\AppData\Local\TeamViewer
2014-12-12 02:44 - 2014-12-12 02:44 - 00000000 ____D () C:\Program Files (x86)\Clownfish
2014-12-12 02:41 - 2014-12-12 02:41 - 00000000 ____D () C:\Users\nazanda\Documents\Skype Voice Records
2014-12-12 02:41 - 2014-12-12 02:41 - 00000000 ____D () C:\Users\nazanda\Documents\Clownfish Avatars
2014-12-11 12:56 - 2014-12-18 16:53 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-10 21:42 - 2014-12-10 21:42 - 00000000 ____D () C:\ProgramData\ATI
2014-12-09 11:49 - 2014-12-09 11:49 - 00053806 _____ () C:\Windows\SysWOW64\CCCInstall_201412091149144735.log
2014-12-09 11:49 - 2014-12-09 11:49 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\Raptr
2014-12-09 11:49 - 2014-12-09 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-09 11:49 - 2014-12-09 11:49 - 00000000 ____D () C:\Program Files (x86)\AMD AVT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-05 23:26 - 2014-07-27 09:02 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\Azureus
2015-01-05 23:26 - 2013-12-10 17:55 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\Skype
2015-01-05 23:23 - 2013-07-12 14:32 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\uTorrent
2015-01-05 23:20 - 2013-07-12 00:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-05 23:16 - 2013-12-18 05:18 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315861483-2587834430-1896926071-1000UA.job
2015-01-05 22:57 - 2013-09-01 10:38 - 00000000 ____D () C:\AdwCleaner
2015-01-05 22:32 - 2014-02-14 03:17 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1315861483-2587834430-1896926071-1000.job
2015-01-05 21:04 - 2014-01-08 00:26 - 00000000 ____D () C:\Users\nazanda\AppData\Local\CrashDumps
2015-01-05 18:27 - 2014-08-15 00:49 - 00000000 ____D () C:\Users\nazanda\AppData\Local\Adobe
2015-01-05 16:08 - 2009-07-14 06:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-05 16:08 - 2009-07-14 06:45 - 00026768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-05 16:06 - 2013-07-25 15:45 - 00416826 _____ () C:\Windows\system32\perfh011.dat
2015-01-05 16:06 - 2013-07-25 15:45 - 00122208 _____ () C:\Windows\system32\perfc011.dat
2015-01-05 16:06 - 2013-07-25 15:40 - 00509462 _____ () C:\Windows\system32\perfh006.dat
2015-01-05 16:06 - 2013-07-25 15:40 - 00098766 _____ () C:\Windows\system32\perfc006.dat
2015-01-05 16:06 - 2013-07-25 15:31 - 00401070 _____ () C:\Windows\system32\prfh0404.dat
2015-01-05 16:06 - 2013-07-25 15:31 - 00115198 _____ () C:\Windows\system32\prfc0404.dat
2015-01-05 16:06 - 2013-07-25 15:26 - 00713928 _____ () C:\Windows\system32\prfh0416.dat
2015-01-05 16:06 - 2013-07-25 15:26 - 00147764 _____ () C:\Windows\system32\prfc0416.dat
2015-01-05 16:06 - 2013-07-25 15:22 - 00729066 _____ () C:\Windows\system32\prfh0816.dat
2015-01-05 16:06 - 2013-07-25 15:22 - 00153014 _____ () C:\Windows\system32\prfc0816.dat
2015-01-05 16:06 - 2013-07-25 15:19 - 00740406 _____ () C:\Windows\system32\perfh015.dat
2015-01-05 16:06 - 2013-07-25 15:19 - 00155980 _____ () C:\Windows\system32\perfc015.dat
2015-01-05 16:06 - 2013-07-25 15:15 - 00656730 _____ () C:\Windows\system32\perfh01F.dat
2015-01-05 16:06 - 2013-07-25 15:15 - 00140108 _____ () C:\Windows\system32\perfc01F.dat
2015-01-05 16:06 - 2013-07-25 15:09 - 00383998 _____ () C:\Windows\system32\prfh0804.dat
2015-01-05 16:06 - 2013-07-25 15:09 - 00119700 _____ () C:\Windows\system32\prfc0804.dat
2015-01-05 16:06 - 2013-07-25 14:58 - 00724648 _____ () C:\Windows\system32\perfh019.dat
2015-01-05 16:06 - 2013-07-25 14:58 - 00150950 _____ () C:\Windows\system32\perfc019.dat
2015-01-05 16:06 - 2013-07-25 14:55 - 00494562 _____ () C:\Windows\system32\perfh014.dat
2015-01-05 16:06 - 2013-07-25 14:55 - 00095512 _____ () C:\Windows\system32\perfc014.dat
2015-01-05 16:06 - 2013-07-25 14:52 - 00607036 _____ () C:\Windows\system32\perfh008.dat
2015-01-05 16:06 - 2013-07-25 14:52 - 00111236 _____ () C:\Windows\system32\perfc008.dat
2015-01-05 16:06 - 2013-07-25 14:48 - 00663768 _____ () C:\Windows\system32\perfh01D.dat
2015-01-05 16:06 - 2013-07-25 14:48 - 00142582 _____ () C:\Windows\system32\perfc01D.dat
2015-01-05 16:06 - 2013-07-25 14:45 - 00428472 _____ () C:\Windows\system32\perfh012.dat
2015-01-05 16:06 - 2013-07-25 14:45 - 00120492 _____ () C:\Windows\system32\perfc012.dat
2015-01-05 16:06 - 2013-07-25 14:42 - 00668888 _____ () C:\Windows\system32\perfh005.dat
2015-01-05 16:06 - 2013-07-25 14:42 - 00141534 _____ () C:\Windows\system32\perfc005.dat
2015-01-05 16:06 - 2013-07-25 14:34 - 00743546 _____ () C:\Windows\system32\perfh013.dat
2015-01-05 16:06 - 2013-07-25 14:34 - 00153210 _____ () C:\Windows\system32\perfc013.dat
2015-01-05 16:06 - 2013-07-25 14:29 - 00481550 _____ () C:\Windows\system32\perfh00B.dat
2015-01-05 16:06 - 2013-07-25 14:29 - 00101628 _____ () C:\Windows\system32\perfc00B.dat
2015-01-05 16:06 - 2013-07-25 14:26 - 00683802 _____ () C:\Windows\system32\perfh00E.dat
2015-01-05 16:06 - 2013-07-25 14:26 - 00171382 _____ () C:\Windows\system32\perfc00E.dat
2015-01-05 16:06 - 2013-07-25 14:22 - 00745504 _____ () C:\Windows\system32\perfh00A.dat
2015-01-05 16:06 - 2013-07-25 14:22 - 00158582 _____ () C:\Windows\system32\perfc00A.dat
2015-01-05 16:06 - 2013-07-25 14:19 - 00392392 _____ () C:\Windows\system32\perfh00D.dat
2015-01-05 16:06 - 2013-07-25 14:19 - 00084866 _____ () C:\Windows\system32\perfc00D.dat
2015-01-05 16:06 - 2013-07-25 14:15 - 00740094 _____ () C:\Windows\system32\perfh010.dat
2015-01-05 16:06 - 2013-07-25 14:15 - 00146954 _____ () C:\Windows\system32\perfc010.dat
2015-01-05 16:06 - 2013-07-25 14:13 - 00745764 _____ () C:\Windows\system32\perfh00C.dat
2015-01-05 16:06 - 2013-07-25 14:13 - 00479062 _____ () C:\Windows\system32\perfh001.dat
2015-01-05 16:06 - 2013-07-25 14:13 - 00149688 _____ () C:\Windows\system32\perfc00C.dat
2015-01-05 16:06 - 2013-07-25 14:13 - 00094880 _____ () C:\Windows\system32\perfc001.dat
2015-01-05 16:06 - 2013-07-25 14:08 - 00697256 _____ () C:\Windows\system32\perfh007.dat
2015-01-05 16:06 - 2013-07-25 14:08 - 00149224 _____ () C:\Windows\system32\perfc007.dat
2015-01-05 16:06 - 2009-07-14 07:13 - 17450248 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-05 16:04 - 2013-07-12 06:06 - 01193780 _____ () C:\Windows\WindowsUpdate.log
2015-01-05 16:01 - 2013-07-12 00:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-05 16:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-05 15:49 - 2014-08-09 15:56 - 00000000 ____D () C:\ProgramData\Western Digital
2015-01-05 15:19 - 2013-07-13 15:23 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\vlc
2015-01-05 09:45 - 2014-12-03 07:28 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\Steganos VPN
2015-01-05 00:08 - 2014-12-03 07:27 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\Steganos
2015-01-04 20:19 - 2013-07-12 13:07 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-03 20:14 - 2013-07-14 18:43 - 00000000 ____D () C:\Users\postgres
2015-01-03 11:40 - 2014-07-28 22:50 - 00002463 _____ () C:\Users\nazanda\Desktop\fxTrade.lnk
2015-01-02 14:13 - 2013-07-24 05:51 - 00014848 _____ () C:\Users\nazanda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-02 09:57 - 2013-07-12 13:20 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\TeamViewer
2015-01-02 06:16 - 2013-12-18 05:18 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315861483-2587834430-1896926071-1000Core.job
2015-01-01 20:52 - 2014-08-18 19:40 - 00000410 _____ () C:\Windows\Tasks\Backup of C xml.job
2015-01-01 00:07 - 2013-09-28 09:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-31 04:56 - 2013-09-28 09:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-30 16:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-29 16:42 - 2014-06-21 10:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\et-EE
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-29 16:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-29 08:29 - 2014-02-15 11:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-29 08:27 - 2013-07-16 19:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-28 12:34 - 2013-07-12 06:57 - 00000000 ____D () C:\Windows\Panther
2014-12-28 12:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-12-27 06:59 - 2013-09-15 11:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-27 05:23 - 2013-09-15 11:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-27 05:12 - 2014-09-18 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-12-27 05:12 - 2014-08-18 18:38 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-12-27 05:12 - 2013-12-10 17:55 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-12-27 05:12 - 2013-07-12 11:51 - 00000000 ____D () C:\ProgramData\Skype
2014-12-26 06:17 - 2014-02-17 01:36 - 00000000 ____D () C:\Users\nazanda\Desktop\chat skype trading
2014-12-25 09:31 - 2013-09-15 08:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-25 07:14 - 2014-01-14 23:10 - 00000000 ____D () C:\ProgramData\firebird
2014-12-25 07:09 - 2014-11-16 23:42 - 00002360 _____ () C:\Users\nazanda\Desktop\razgovor to delete.txt
2014-12-25 06:55 - 2014-01-21 19:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-25 06:53 - 2014-07-16 21:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-25 06:29 - 2013-10-24 15:39 - 00000000 ____D () C:\Users\nazanda\Desktop\RK_Quarantine
2014-12-20 19:44 - 2014-02-14 03:17 - 00003608 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1315861483-2587834430-1896926071-1000
2014-12-20 16:52 - 2013-07-12 13:36 - 00000000 ____D () C:\Users\nazanda\AppData\Local\Thunderbird
2014-12-20 16:39 - 2013-07-12 13:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 16:26 - 2013-08-18 02:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-18 16:08 - 2013-07-12 11:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-18 00:22 - 2013-07-12 01:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-18 00:22 - 2013-07-12 01:26 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-12 07:51 - 2013-07-12 16:52 - 00000000 ____D () C:\Users\nazanda\AppData\Roaming\BSplayer
2014-12-12 02:45 - 2013-11-03 15:38 - 00001030 _____ () C:\Users\nazanda\Desktop\Pure Poker 2.0.lnk
2014-12-12 02:45 - 2013-07-24 23:35 - 00000000 ____D () C:\Program Files (x86)\Lock Poker
2014-12-11 22:30 - 2013-11-20 20:15 - 00110504 _____ () C:\Users\nazanda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-11 22:29 - 2013-11-20 20:14 - 00411776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-09 13:10 - 2013-08-17 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 11:49 - 2014-08-04 15:24 - 00000000 ____D () C:\ProgramData\AMD
2014-12-09 11:49 - 2014-08-04 15:24 - 00000000 ____D () C:\Program Files (x86)\Raptr

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 17:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015
Ran by nazanda at 2015-01-05 23:28:48
Running from F:\firefox downloads\firefox 01 22 2014
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Allway Sync version 11.6.1 (HKLM-x32\...\Allway Sync_is1) (Version: - Botkind Inc)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AppsHat Mobile Apps (HKU\S-1-5-21-1315861483-2587834430-1896926071-1002\...\AppsHat Mobile Apps) (Version: 1.0.0.0 - Somoto Ltd.) <==== ATTENTION
AssetManage Enterprise 2010 (HKLM-x32\...\AssetManage_Ent2010) (Version: 2010 - Liberty Street Software)
ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
Atheros Ethernet Utility (HKLM-x32\...\{FB686487-C637-4EEF-BCB1-C92463F2CC05}) (Version: 1.1.0.10 - Atheros Communications Inc.)
Auto Mouse Mover 1.8.1 (HKLM-x32\...\{08FD4323-8909-4973-BD2E-7250D2D93D0C}_is1) (Version: 1.8.1 - MurGee.com)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Betsson Poker by Microgaming (HKLM-x32\...\betssonpoker (Poker)) (Version: 16.6.2.11243 - )
Bitcoin (HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.67.1076 - AB Team, d.o.o.)
BTCCharts (HKLM-x32\...\BTCCharts) (Version: 1 - UNKNOWN)
BTCCharts (x32 Version: 1 - UNKNOWN) Hidden
Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - )
Canon MP260 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP260_series) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )
Compare It! (HKLM-x32\...\Compare It!_is1) (Version: 4.2 - Grig Software)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Dailymotion Mass Uploader (HKLM-x32\...\com.dailymotion.massuploader) (Version: 0.1.1 - Dailymotion)
Dailymotion Mass Uploader (x32 Version: 0.1.1 - Dailymotion) Hidden
DelinvFile - 4.05 (HKLM-x32\...\DelinvFile_is1) (Version: 4.05 - Assistance and Resources for Computing, Inc.)
Digital Editions Converter (HKLM-x32\...\DigitalEditions) (Version: 1.4.1 - eBook Converter)
FlashGet 1.9.6.1073 (HKLM-x32\...\FlashGet) (Version: 1.9.6.1073 - http://www.FlashGet.com)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
FreeOCR v4.2 (HKLM-x32\...\freeocr_is1) (Version: - )
GeekBuddy (HKLM-x32\...\{00B6D29A-4BBB-460C-A312-3D5B2FFB23E2}) (Version: 4.8.66 - Comodo Security Solutions Inc)
GLOBUL Connection Manager (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 28.0.1500.72 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
IVONA 2 (HKLM-x32\...\IVONA 2) (Version: 1.6.63 - IVONA Software Sp. z o.o.)
IVONA ControlCenter (HKLM-x32\...\IVONA ControlCenter) (Version: 1.1.2 - IVONA Software Sp. z o.o.)
IVONA MiniReader (HKLM-x32\...\IVONA MiniReader) (Version: - IVONA Software Sp. z o.o.)
IVONA Reader (HKLM-x32\...\IVONA Reader) (Version: - IVONA Software Sp. z o.o.)
Jaksta Media Recorder (5.0.1.54) (HKLM-x32\...\Jaksta Media Recorder) (Version: 5.0.1.54 - Jaksta Technologies)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
K-Lite Codec Pack 9.9.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7149 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MODEM device (x32 Version: 1.0.0.1 - Default Company Name) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
MyConnection PC Lite Edition (HKLM-x32\...\MyConnection PC Lite Edition) (Version: - )
NaturalReaderFree (HKLM-x32\...\{262EFBD9-A907-490F-81F4-561FDD3A8C5C}) (Version: 1.00.0000 - Naturalsoft limited)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
PokerStove version 1.24 (HKLM-x32\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version: - )
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Pure Poker 2.0 (HKLM-x32\...\Pure Poker 2.0) (Version: 2.0.1.8108 - Pure Poker)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synergy (HKLM-x32\...\Synergy) (Version: 1.4.16 - The Synergy Project)
TeamSpeak 3 Client (HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Trojan Remover 6.8.8 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.8.8 - Simply Super Software)
TweetDeck (HKLM-x32\...\{C4ADB67B-C908-4D94-B85E-585D2F3F9118}) (Version: 3.3.7 - Twitter)
TweetDeck by Twitter (HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\tweetdeckbytwitter-e94bb33e3aa669cef24d6426e26382fc) (Version: 1 - Twitter Inc.)
UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
Unibet Poker v1.9.6 (HKLM-x32\...\{F75070CD-DBC0-4857-9B3F-A0F888C5EB67}_is1) (Version: 1.9.6 - Relax Gaming Ltd)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
USB2.0 PC Camera (SN9C201&202) (HKLM-x32\...\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}) (Version: 5.7.19.103 - Sonix)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VisualRoute Lite Edition (HKLM-x32\...\VisualRoute Lite Edition) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
WD Drive Utilities (HKLM-x32\...\{2F540611-6560-470F-924A-5F52EFA9156F}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A95E3E66-D5A4-404E-997D-02562AA492E8}) (Version: 1.0.5.7 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
WD SmartWare (HKLM\...\{EC54143B-24CC-47D2-AB39-0F5701988BA4}) (Version: 2.1.0.11 - Western Digital Technologies, Inc.)
WinHTTrack Website Copier 3.48-19 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.19 - HTTrack)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\...\ZoomUMX) (Version: 3.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-10-04 01:54 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {032B408F-445A-446D-8093-E722B9074033} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1315861483-2587834430-1896926071-1000UA => C:\Users\nazanda\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-09] (Google Inc.)
Task: {0797BD28-1090-43C3-9407-9ED7D9067CEF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1315861483-2587834430-1896926071-1000Core => C:\Users\nazanda\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-09] (Google Inc.)
Task: {0E754D20-4EF6-4F7D-AC7F-0D6E06DB5F59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {174F8C6F-30EC-4C2C-A103-759E6E34A744} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: {205EE2D2-B798-472E-AAF6-821D28A9BE6F} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {3489AB41-6039-4C54-98B6-67B541481565} - System32\Tasks\{29BBDC6E-7A9F-4AF6-AA58-DD05024B7967} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.0.0.152&LastError=12007
Task: {515B4ED5-CFA7-411F-8C23-C3E1C7D9D40E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-22] (Piriform Ltd)
Task: {6682EF0E-E3A2-4939-90F5-7D72353E4655} - System32\Tasks\{C72B4C42-5F25-4AA7-98D7-DA3529824E33} => pcalua.exe -a "F:\firefox downloads\firefox 01 22 2014\jxpiinstall(1).exe" -d "F:\firefox downloads\firefox 01 22 2014"
Task: {79568064-1C6E-4A21-8F10-F86345070802} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {880705FA-1FBC-4775-8218-CF49ABD4A635} - System32\Tasks\G2MUpdateTask-S-1-5-21-1315861483-2587834430-1896926071-1000 => C:\Users\nazanda\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {97345CBA-2F71-4A24-9536-FA482497A9D6} - System32\Tasks\Backup of C xml => C:\Program Files\Macrium\Reflect\Reflect.exe [2014-08-17] (Paramount Software UK Ltd)
Task: {9BF74927-15F1-4548-8B44-A56D189926CF} - System32\Tasks\{F8FB7628-3D1D-4BAF-AE41-0FDE478268FA} => pcalua.exe -a C:\Users\nazanda\Downloads\firefox\irfanview_plugins_436_setup(1).exe -d C:\Users\nazanda\Downloads\firefox
Task: {BD07FF99-713B-45AA-9D5F-0D4BE99694AD} - System32\Tasks\{02F44960-9598-47CE-98D2-53C7A06E8202} => pcalua.exe -a "E:\programi\Video Folder\bsplayer257.1051ENnew.exe" -d "E:\programi\Video Folder"
Task: {C3D3646F-CDAD-4288-BD0A-A709E9491E70} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {D138E271-97E2-4F78-8DCC-6DD2AF8DFB3C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D41F62CF-6F0A-49FA-A81A-6E8104F00E1D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DC55BB91-17A5-4123-A8AA-5F16FE56DEFD} - System32\Tasks\{18E47E29-E2D2-4044-A5AD-42243A1C8607} => Firefox.exe http://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?source=lightinstaller&page=tsMain
Task: C:\Windows\Tasks\Backup of C xml.job => C:\Program Files\Macrium\Reflect\Reflect.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1315861483-2587834430-1896926071-1000.job => C:\Users\nazanda\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315861483-2587834430-1896926071-1000Core.job => C:\Users\nazanda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315861483-2587834430-1896926071-1000UA.job => C:\Users\nazanda\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-17 22:47 - 2014-02-17 22:47 - 00292352 _____ () C:\Program Files\Synergy\synergyd.exe
2014-03-16 16:52 - 2011-08-15 10:26 - 00270672 _____ () C:\Program Files (x86)\GLOBUL Connection Manager\AssistantServices.exe
2011-03-09 10:41 - 2011-03-09 10:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 10:41 - 2011-03-09 10:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-10-22 20:28 - 2013-10-22 20:28 - 00024064 _____ () C:\Program Files\Synergy\synwinxt.dll
2014-03-16 16:52 - 2011-08-15 10:26 - 00153424 _____ () C:\Program Files (x86)\GLOBUL Connection Manager\UIExec.exe
2015-01-05 13:45 - 2015-01-05 13:45 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010500\algo.dll
2015-01-05 22:27 - 2015-01-05 22:27 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010501\algo.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-07-14 18:42 - 2011-01-28 07:15 - 00172032 _____ () c:\postgreSQL\bin\LIBPQ.dll
2013-07-14 18:42 - 2009-02-12 21:01 - 00976384 _____ () c:\postgreSQL\bin\libxml2.dll
2013-07-14 18:42 - 2005-07-20 12:48 - 00059904 _____ () c:\postgreSQL\bin\zlib1.dll
2014-12-27 05:23 - 2014-05-13 12:04 - 00109400 _____ () D:\C programs extention\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-27 05:23 - 2014-05-13 12:04 - 00416600 _____ () D:\C programs extention\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-27 05:23 - 2014-05-13 12:04 - 00167768 _____ () D:\C programs extention\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-27 05:23 - 2012-08-23 10:38 - 00574840 _____ () D:\C programs extention\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-27 05:23 - 2012-04-03 17:06 - 00565640 _____ () D:\C programs extention\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-03-05 08:24 - 2010-03-05 08:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2014-07-27 09:02 - 2014-04-25 13:02 - 00086840 _____ () C:\Program Files (x86)\Vuze\aereg.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-27 09:02 - 2014-06-24 14:12 - 00176128 _____ () C:\Users\nazanda\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.17-M2-x86.dll
2014-07-27 09:02 - 2014-06-24 14:12 - 00014304 _____ () C:\Users\nazanda\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess.dll
2014-11-21 17:43 - 2014-11-21 17:43 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-08-18 02:52 - 2014-12-19 16:26 - 03339376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-08-18 02:52 - 2014-12-19 16:26 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-08-18 02:52 - 2014-12-19 16:26 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-11-01 09:47 - 2013-11-01 09:47 - 36625920 _____ () C:\Program Files (x86)\Twitter\TweetDeck\libcef.dll
2013-11-01 09:47 - 2013-11-01 09:47 - 00861184 _____ () C:\Program Files (x86)\Twitter\TweetDeck\ffmpegsumo.dll
2013-11-01 09:47 - 2013-11-01 09:47 - 00880640 _____ () C:\Program Files (x86)\Twitter\TweetDeck\libglesv2.dll
2013-11-01 09:47 - 2013-11-01 09:47 - 00102400 _____ () C:\Program Files (x86)\Twitter\TweetDeck\libegl.dll
2013-07-12 00:54 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2005-08-14 22:09 - 2005-08-14 22:09 - 00111616 _____ () C:\Program Files (x86)\Webteh\BSPlayer\plugins\oldskin.dll
2013-07-24 10:23 - 2012-04-08 23:40 - 03470848 _____ () C:\Users\nazanda\AppData\Roaming\BSplayer\FFDShow\ffdshow.ax
2013-07-24 10:23 - 2012-04-08 23:39 - 00146944 _____ () C:\Users\nazanda\AppData\Roaming\BSplayer\FFDShow\ff_libmad.dll
2013-07-24 10:23 - 2009-08-11 20:19 - 00797184 _____ () C:\Users\nazanda\AppData\Roaming\BSplayer\AC3 Filter\ac3filter.ax
2013-07-24 10:23 - 2009-08-11 20:21 - 01021440 _____ () C:\Users\nazanda\AppData\Roaming\BSplayer\AC3 Filter\ac3filter_intl.dll
2013-07-24 05:58 - 2013-05-27 14:47 - 01100288 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-55.dll
2013-07-24 05:58 - 2013-05-27 14:47 - 07260672 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-55.dll
2013-07-24 05:58 - 2013-05-27 14:47 - 00218112 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-52.dll
2013-07-24 05:58 - 2013-05-27 14:47 - 00184320 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\libbluray.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Lock Poker:MID
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: CLPSLauncher => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: HssWd => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: PanService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: VIAKaraokeService => 2
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: TrojanScanner => C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
MSCONFIG\startupreg: tsnp2std => C:\Windows\tsnp2std.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1315861483-2587834430-1896926071-500 - Administrator - Disabled)
Guest (S-1-5-21-1315861483-2587834430-1896926071-501 - Limited - Disabled) => C:\Users\Guest
nazanda (S-1-5-21-1315861483-2587834430-1896926071-1000 - Administrator - Enabled) => C:\Users\nazanda
postgres (S-1-5-21-1315861483-2587834430-1896926071-1002 - Limited - Enabled) => C:\Users\postgres

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/05/2015 09:04:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x2334
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/05/2015 08:48:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x1fe4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/05/2015 08:48:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: xul.dll, version: 34.0.5.5443, time stamp: 0x5475fe63
Exception code: 0xc0000005
Fault offset: 0x003bd615
Faulting process id: 0x2350
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/05/2015 08:38:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 34.0.5.5443, time stamp: 0x5475dd5d
Faulting module name: mozalloc.dll, version: 34.0.5.5443, time stamp: 0x5475d664
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x14c8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/05/2015 04:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 04:00:51 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-01-05 16:00:51 EETFATAL: the database system is starting up

Error: (01/05/2015 03:50:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 03:49:50 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-01-05 15:49:50 EETFATAL: the database system is starting up

Error: (01/05/2015 03:25:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 09:44:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/03/2015 11:28:07 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/03/2015 09:55:23 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/02/2015 06:45:18 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/01/2015 11:01:09 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/01/2015 03:05:14 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/31/2014 06:40:06 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/30/2014 02:40:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.

Error: (12/29/2014 10:18:30 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/28/2014 00:37:29 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/28/2014 09:50:17 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (01/05/2015 09:04:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d6648000000300001425233401d0291a3110c5c8C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla02d6f41-950d-11e4-b742-00304c47a673

Error: (01/05/2015 08:48:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d66480000003000014251fe401d02918091fc7ecC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll68f62794-950b-11e4-b742-00304c47a673

Error: (01/05/2015 08:48:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dxul.dll34.0.5.54435475fe63c0000005003bd615235001d029181a309f44C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll652a4449-950b-11e4-b742-00304c47a673

Error: (01/05/2015 08:38:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.54435475dd5dmozalloc.dll34.0.5.54435475d664800000030000142514c801d029050e053a07C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll091f15b9-950a-11e4-b742-00304c47a673

Error: (01/05/2015 04:00:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 04:00:51 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-01-05 16:00:51 EETFATAL: the database system is starting up

Error: (01/05/2015 03:50:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 03:49:50 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2015-01-05 15:49:50 EETFATAL: the database system is starting up

Error: (01/05/2015 03:25:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/05/2015 09:44:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-10-04 02:53:42.150
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-04 02:53:41.729
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570 CPU @ 3.40GHz
Percentage of memory in use: 17%
Total physical RAM: 32720.45 MB
Available physical RAM: 26918.52 MB
Total Pagefile: 65439.09 MB
Available Pagefile: 59756.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:6.67 GB) NTFS
Drive d: (d) (Fixed) (Total:931.51 GB) (Free:837.56 GB) NTFS
Drive f: (f) (Fixed) (Total:3725.99 GB) (Free:1274.67 GB) NTFS
Drive g: (g) (Fixed) (Total:1862.98 GB) (Free:130.17 GB) NTFS
Drive h: (h) (Fixed) (Total:1862.98 GB) (Free:3.64 GB) NTFS
Drive i: (i) (Fixed) (Total:3725.99 GB) (Free:1321.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 349CEAAF)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7A02354B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 3.

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Oh My!, 10 January 2015 - 11:35 AM.


#4 Oh My!

Malware Response Instructor

Posted 10 January 2015 - 11:45 AM

Greetings raror and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

----------

Please copy and paste FRST.exe onto your desktop:

Running from F:\firefox downloads\firefox 01 22 2014

----------

Can you tell me if your Internet Service Provider is Bulgaria Sofia Online Direct?

----------

Please consider and run the following for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

AppsHat Mobile Apps

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\probni bookmarkove (delete if you want) - Shortcut.lnk
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {205EE2D2-B798-472E-AAF6-821D28A9BE6F} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
AlternateDataStreams: C:\Program Files (x86)\Lock Poker:MID
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Verify Internet service provider
  • Did the program uninstall properly?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 raror

raror
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 PM

Posted 10 January 2015 - 07:49 PM

 Hi Gary!

 

I will answer as soon as i can every time.

 

Yes ,the ISP is correct

 

Could you explain what the fixlist.txt for FRST is? For example, I've used AdwCleaner a few times and one time it deleted all of my search engines on Firefox, and I couldn't recover them. I also used ComboFix a few times and then was told that it was a bad idea to run it on my own, so now I want to be much more careful about running programs like those and doing an automatic clean. And here in this fixlist.txt I'm seeing "Lock Poker", which is a legitimate program actually, and the startup shortcuts I do need to load up on startup as well from here:

Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\probni bookmarkove (delete if you want) - Shortcut.lnk

 

Also there are 2 Firefox addons on the list that have to do with Avast Internet Security. I think I disabled the "avast browser security and web reputation" addon because it was giving me some kind of issues; I don't quite remember, but it could've just been accessibility issues. It was certainly enough for me to disable it, so I'm actually mostly interested in what the lines mean that modify anything on my browsers, and specifically Firefox. I would really appreciate some kind of explanation as to what the fixes mean, at least in that area (Firefox).

 

I'm also not seeing "AppsHat Mobile Apps" in appwiz.cpl (Add and Remove Programs).

 

As far as BitTorrent, I don't actually download anything bad, but I am familiar with this issue. Do you think using a program like PeerBlock is a good idea? It might be interfering with my other security programs, or specifically Avast, because it doesn't start on startup, but it is supposed to be useful in this area.
 

I would like to also add a scan by Malwarebytes; I think it might help:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/7/2015
Scan Time: 3:41:00 PM
Logfile: malwarebytes log.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.07.08
Rootkit Database: v2015.01.06.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: nazanda

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 450419
Time Elapsed: 5 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.Yoono.A, C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\yoono, , [6c280de7177239fd0ba4a2c0877cdb25],

Files: 3
PUP.Optional.AZLyrics.A, C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, , [afe57c78593065d13aa272f8a0631de3],
PUP.Optional.Yoono.A, C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\yoono\cookies.sqlite, , [6c280de7177239fd0ba4a2c0877cdb25],
PUP.Optional.Yoono.A, C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\yoono\yoono.log, , [6c280de7177239fd0ba4a2c0877cdb25],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Thank you


Edited by raror, 10 January 2015 - 08:42 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:49 AM

Posted 10 January 2015 - 09:08 PM

Greetings and thanks for the information.

Absolutely you can ask what we are doing, it is your computer.

----------

Regarding

Startup: C:\Users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\probni bookmarkove (delete if you want) - Shortcut.lnk

You can remove this entry from the fixlist so that it will remain. I could not confirm it was a legitimate entry but apparently it is something you created.

----------

It is not uncommon for a program to be listed in the log but not actually be listed in Programs and Features. Since it is not there we are not going to worry about it because it doesn't need to be worried over.

----------

The danger with Torrents is that in many cases it is untested information being shared. If you are not certain the source is reputable and reliable then you should consider the content you are downloading is the same. The best preventative measure is to only download from trusted sources.

-----------

It is not uncommon for malware to modify Browser settings so we routinely reset them back to their default state. That is what we are accomplishing with this line in the fix:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION


----------

For AdwCleaner there is the option to uncheck items you don't want the program to remove. I have found that most people are so confused by the entries that they end up worse off for having reviewed the list. They are paralyzed by the entries because they don't have a clue what many of them are and they are afraid to decide one way or the other. You should be able to reinstall any items removed that are "legitimate" but the program considers marginal. You are also free to uncheck any item you wish and it will not be removed.

----------

Now regarding the Fixlist. Any entry ending with [X] or No (Task) File means it is an orphaned entry. In the example below this line is telling us there is a Registry entry pointing to a file that does not exist. Therefore we want to remove entries pointing to nowhere.

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]


----------
 

AlternateDataStreams: C:\Program Files (x86)\Lock Poker:MID

And finally, we are not actually removing Lock Poker even though it may appear that is what we are doing. All we are doing is deleting the "Alternate Data Stream" that is attached to the program.

An Alternate Data Stream (ADS) can be used for a legitimate purpose but most times it is not. Malware authors use an ADS to hide malicious data so that it will be implemented without being easily detected. Modern tools now routinely locate these previously hard to find entries.

As best as I can determine your Lock Poker is an example of "it is not." I could explain my research into this entry but it may be more than you are interested in. The bottom line is I think it is far more likely the ADS should be removed than allowed to remain. Other similar entries have been removed from a User's system without any apparent adverse effect on the Lock Poker program.

Ultimately the decision to leave or remove the entry is up to you. When a computer has been compromised I typically lean on the side of caution rather than risk. In your case my definition of caution equates to removal of the ADS. Once again, ultimately it is your decision.

----------

Hopefully I have covered all of your concerns but if not please let me know.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
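The three kinds of fixlist entry Gary explains above (a named alternate data stream, a COM registration whose DLL is gone, and a browser policy key) can all be checked by hand before anything is deleted. The script below is an added example for this thread, not code from FRST or from either poster. It is read-only: it lists what is there and removes nothing. It assumes Windows PowerShell 3.0 or later (for Get-Item -Stream) and uses the paths and registry locations quoted in the fixlist; change them to match your own log.

```powershell
# Added example, not part of the original thread. Read-only triage for the three
# kinds of fixlist entry discussed above. Assumptions: Windows PowerShell 3.0+,
# and the paths below are the ones quoted in the fixlist.

# 1. Alternate Data Streams. Every file or folder has a default ":$DATA" stream;
#    any other named stream is what FRST reports as "AlternateDataStreams".
#    Caveat: some Windows PowerShell builds do not enumerate streams on folders;
#    if a folder returns nothing, "cmd /c dir /R <parent folder>" lists them too.
function Get-NamedStreams {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{ Path = $p; Stream = $_.Stream; Bytes = $_.Length }
            }
    }
}

# 2. Orphaned COM servers ("No File"). For each CLSID under the root, read the
#    InprocServer32 default value and report it when the DLL is not on disk.
#    HKU\<SID>_Classes in the fixlist is the same data as HKCU\Software\Classes
#    for the logged-on user, so the default root covers the psuser_64.dll entries.
function Get-OrphanedInprocServers {
    param([string]$ClsidRoot = 'HKCU:\Software\Classes\CLSID')
    Get-ChildItem -Path $ClsidRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $inproc = Join-Path $_.PSPath 'InprocServer32'
        if (-not (Test-Path -LiteralPath $inproc)) { return }
        $dll = (Get-ItemProperty -LiteralPath $inproc -ErrorAction SilentlyContinue).'(default)'
        if (-not $dll) { return }
        # Strip quotes and expand %SystemRoot%-style variables before testing the path.
        $expanded = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
        if (-not (Test-Path -LiteralPath $expanded)) {
            [pscustomobject]@{ Clsid = $_.PSChildName; Dll = $dll }
        }
    }
}

# 3. Browser policy keys ("Policy restriction"). Values under these keys override
#    the browser's own settings UI, which is why adware writes there. This only
#    lists them so you can tell values you set yourself from ones you did not.
function Get-BrowserPolicies {
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Google',
        'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer',
        'HKCU:\SOFTWARE\Policies\Microsoft\Internet Explorer'
    )
    foreach ($k in $keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $all = @(Get-Item -LiteralPath $k) +
               @(Get-ChildItem -Path $k -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $all) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $key.GetValue($name) }
            }
        }
    }
}

Get-NamedStreams -Path 'C:\Program Files (x86)\Lock Poker', 'C:\ProgramData\TEMP' | Format-Table -AutoSize
Get-OrphanedInprocServers | Format-Table -AutoSize
Get-BrowserPolicies | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM policy keys are readable. An empty result from the first function means the named stream is already gone; a non-empty policy listing is worth comparing against settings you actually configured before letting a fix reset them.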

#7 raror

raror
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 PM

Posted 11 January 2015 - 01:20 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by nazanda at 2015-01-11 08:17:24 Run:1
Running from C:\Users\nazanda\Desktop
Loaded Profiles: nazanda & postgres (Available profiles: nazanda & postgres & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\nazanda\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {205EE2D2-B798-472E-AAF6-821D28A9BE6F} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
AlternateDataStreams: C:\Program Files (x86)\Lock Poker:MID
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
*****************

"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
catchme => Service deleted successfully.
VGPU => Service deleted successfully.
"HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-1315861483-2587834430-1896926071-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{205EE2D2-B798-472E-AAF6-821D28A9BE6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{205EE2D2-B798-472E-AAF6-821D28A9BE6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
C:\Program Files (x86)\Lock Poker => ":MID" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":CB0AACC9" ADS removed successfully.

==== End of Fixlog 08:17:24 ====



#8 raror

raror
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 PM

Posted 11 January 2015 - 01:47 AM

Thank you for the fast reply Gary

 

 

I’m also not seeing “AppsHat Mobile Apps” in appwiz.cpl (add and remove programs)

 

It is not uncommon for a program to be listed in the log but not actually be listed in Programs and Features. Since it is not there we are not going to worry about it because it doesn't need to be worried over.

Yeah, I think I had a program like this and then I deleted it, but I'm not 100% sure. I wouldn't mind removing any traces of it, if it's potentially malicious.

 

 

 It is not uncommon for malware to modify Browser settings so we routinely reset them back to their default state. That is what we are accomplishing with this line in the fix:

I had a few malware infections months ago dealing with search engine changes in my browsers, like delta-search, start.search.us.com, the Mixi DJ toolbar and a few others. I think some of them were js/redir.cp, tr/atraps.gen and the FindRight virus. There were also a few PUPs like Optional.OptimizerPro, Optional.BrowseFox, Optional.DefaultTab, Fox News Toolbar, Optional.OpenCandy, Globososo.com search and tsnp2std.exe, but I think that last one might be my webcam driver specifically.

 

I think I dealt with those and followed instructions on websites, some of which came from BleepingComputer, but I wanted to tell you anyway.

 

 

An Alternate Data Stream (ADS) can be used for a legitimate purpose but most times it is not. Malware authors use an ADS to hide malicious data so that it will be implemented without being easily detected. Modern tools now routinely locate these previously hard to find entries.

 

I am interested in everything you have to say.

The way I understand it, I should probably be somewhat worried about the way Lock Poker is working as of right now, so maybe I will also think of having it removed, in the back of my mind.
And removing it altogether would fix any potential issues, I think?

I did the FRST clean without these three lines, as you probably saw. I just wondered whether these actually reset any options that I have set in my browsers before I actually run them?

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

 

I assume I can just run the same fixlist.txt again with these 3 lines intact, correct?

To add to the issues, I just got this weird mouse pointer looking like a bar that changes a few times into a vertical line with sideways lines coming out of it, like a half tree. And then when you point at images or something it changes into other pointers. I tried to print screen it a few times, but the pointer wouldn't show up in Paint when I pasted it.
On another point, I've actually had this longer-term issue with the mouse where, when I scroll down, every so often I get the opposite of the direction I want. I would be scrolling down and at some point it actually glitches and scrolls up. I thought cleaning the scroll wheel would help, but it didn't much.


Edited by raror, 11 January 2015 - 05:42 AM.


#9 raror

raror
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 PM

Posted 11 January 2015 - 01:57 AM

# AdwCleaner v4.107 - Report created 11/01/2015 at 09:48:11
# Updated 07/01/2015 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : nazanda - NAZANDA-PC
# Running from : C:\Users\nazanda\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Users\Public\Desktop\GeekBuddy.lnk
[x] Not Deleted : C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\user.js
File Deleted : C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\nazanda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


-\\ Google Chrome v28.0.1500.72


*************************

AdwCleaner[R20].txt - [2071 octets] - [25/12/2014 06:00:42]
AdwCleaner[R21].txt - [3068 octets] - [27/12/2014 03:05:21]
AdwCleaner[R22].txt - [2984 octets] - [27/12/2014 03:40:03]
AdwCleaner[R23].txt - [2904 octets] - [27/12/2014 03:46:19]
AdwCleaner[R24].txt - [3062 octets] - [27/12/2014 16:01:06]
AdwCleaner[R25].txt - [6186 octets] - [27/12/2014 16:02:49]
AdwCleaner[R26].txt - [3185 octets] - [05/01/2015 22:56:50]
AdwCleaner[R27].txt - [3210 octets] - [11/01/2015 08:41:00]
AdwCleaner[R28].txt - [2974 octets] - [11/01/2015 09:45:21]
AdwCleaner[S11].txt - [2583 octets] - [11/01/2015 09:48:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [2644 octets] ##########
 

 

 

 

For AdwCleaner there is the option to uncheck items you don't want the program to remove. I have found that most people are so confused by the entries that they end up worse off for having reviewed the list. They are paralyzed by the entries because they don't have a clue what many of them are and they are afraid to decide one way or the other. You should be able to reinstall any items removed that are "legitimate" but the program considers marginal. You are also free to uncheck any item you wish and it will not be removed.

 

Is there a website that explains what each detection means in AdwCleaner?

I'm particularly interested in what these will do when I clean them:


***** [ Files / Folders ] *****
File Found : C:\Users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\user.js

***** [ Browsers ] *****

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[4hz6f8cz.default] - Line Found : user_pref("browser.search.hiddenOneOffs", "Twitter,About.com,Amazon.com[...]

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

 

 

 

As a side point, I have had this Conduit detection popping up in AdwCleaner for quite a long time. I've cleaned it and it keeps coming back, and I've also used the Junkware Removal Tool during that time, but these detections are still there.
 


Edited by raror, 11 January 2015 - 02:54 AM.


#10 raror

raror
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 PM

Posted 11 January 2015 - 04:49 AM

Ah well, JRT of course gave no options as to deleting what it wanted to delete. I thought for a minute it had actually deleted my search engines, but I am seeing most of them intact now... Or maybe it only deleted a few of them; I'm not seeing the YouTube search engine (which I downloaded from the Firefox suggestions when you go to YouTube and click the dropdown search menu).

It has also deleted a shortcut icon of a desktop program I actually use; I think that might be a bug of JRT.

 

What does this entry mean: user_pref("extensions.sam@samfind.com.install-event-fired", true);

I used to have the samfind addon. Does it mean it was malware, or why does it delete user preferences in the first place?

 

What should I do about the Yoono detection in Malwarebytes, just quarantine it, or is there a better way? Yoono is another one of those that has stayed with me forever. Also, can it be a better idea to run Malwarebytes or AdwCleaner without any other antivirus or security programs, or with your internet unplugged? Maybe even in safe mode?

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by nazanda on Sun 01/11/2015 at 11:20:53.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\nazanda\AppData\Roaming\mozilla\firefox\profiles\4hz6f8cz.default\user.js
Successfully deleted: [File] C:\Users\nazanda\AppData\Roaming\mozilla\firefox\profiles\4hz6f8cz.default\searchplugins\youtube-video-search.xml
Successfully deleted the following from C:\Users\nazanda\AppData\Roaming\mozilla\firefox\profiles\4hz6f8cz.default\prefs.js

user_pref("browser.search.hiddenOneOffs", "Twitter,About.com,reddit.com: search results,Amazon Search Sugges
user_pref("extensions.sam@samfind.com.install-event-fired", true);
Emptied folder: C:\Users\nazanda\AppData\Roaming\mozilla\firefox\profiles\4hz6f8cz.default\minidumps [29 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/11/2015 at 11:23:47.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Thank you Gary


Edited by raror, 11 January 2015 - 05:03 AM.


#11 raror

raror
  • Topic Starter

  • Members
  • 123 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:49 PM

Posted 11 January 2015 - 05:33 AM

I just found out about two Firefox addons that are most likely viruses, which I used to have installed months or more than a year ago:

https://addons.mozilla.org/de/firefox/addon/youtube-unblocker

and

https://addons.mozilla.org/en-us/firefox/addon/flash-video-downloader/?src=ss

 

I know for a fact that the first one is still giving me issues, even though they were uninstalled from Firefox a long time ago.

 

This person explains some of it here:

 

https://addons.mozilla.org/de/firefox/addon/youtube-unblocker/reviews/622150/

 

Basically what happened was I was looking at this one page trying to figure out how to revoke all the permissions that I accidentally allowed on it a few months ago (using the NoScript Firefox addon). I looked at this allowed script called xfreeservice.com, and I thought it was a suspicious name so I blocked it.

 

Now blocking scripts manually (and maybe allowing scripts as well) with NoScript causes all my tabs to start loading up at the same time for some reason and Firefox to crash. (I haven't tried it very many times since then, but it did start happening maybe a few months ago. I haven't found a solution to that, but of course it happened again when I did it with this xfreeservice.com thing.)

 

Anyway, the interesting thing that happened was that this same script reappeared on YouTube and a few other sites as a blocked script, which made no sense. I didn't understand how this script could be used on so many disconnected pages, so I googled it and this showed up: https://addons.mozilla.org/de/firefox/addon/youtube-unblocker/reviews/622150/

 

Anyway, now I'm looking for a way to get rid of this pest.

Do you think this was fixed? I don't really know how to reproduce it, because it happens sort of infrequently. I will look out for it happening in the future.

 

I have another issue with Firefox crashing which is reproduced this way: when I go to the email service abv.bg (it doesn't happen in Yahoo), click respond to an email that has graphics or banners in it (it doesn't happen with text or pure hyperlinks), select the entire message and press space to clear the text (I think it happens with any key that clears text, but I usually use space for that), Firefox crashes.

 

I do have a few addons that relate to email, including one specific to that email service, but going into Firefox safe mode does not fix this, so it shouldn't be from any of the addons.


Edited by raror, 11 January 2015 - 05:35 AM.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,558 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:49 AM

Posted 11 January 2015 - 03:31 PM

Greetings,

We will address the AppsHat Mobile Apps, more so to help you to feel better about it than it being a problem.

----------
 

The way i understand it , i should probably be somewhat worried about the way lock poker is working as of right now, so maybe i will also think of having it removed , in the back of my mind.
And removing it altogether would fix any potential issues , i think?

If Lock Poker is running fine I would leave it as is. As far as I can tell there was something added to it and we removed the added part. It won't hurt to uninstall/reinstall but I am not sure it is necessary.

----------

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1315861483-2587834430-1896926071-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION


Yes, if you run the fix for this it will reset any settings you created. These entries could be run as a fix just like the last fix.

----------

We will take a look at the mouse issue after I gather some information.

----------
 

Is there a website that explains what each detection means in adwcleaner?

No one site, you have to Google it.

----------

Rather than try to answer specific questions I will tell you the overall philosophy of programs like AdwCleaner and Junkware Removal Tool. There are certain entries that absolutely need to be removed. There are other entries that are more than likely installed without the User's specific permission. Then there are common files malware creators go after so those files tend to be removed. If an entry is classified as more likely than not installed without the User's specific permission but it actually was deliberately installed, it can be installed once again.

----------

We will address Firefox after this.

----------

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*AppsHat*
:folderfind
*AppsHat*
:regfind
*AppsHat*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and upload the file here
  • I will be automatically notified when the file has been successfully uploaded
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Systemlook log
  • Combofix log
  • Attached System Summary information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 raror


Posted 11 January 2015 - 05:55 PM

 SystemLook 30.07.11 by jpshortstuff
Log created at 00:52 on 12/01/2015 by nazanda
Administrator - Elevation successful

========== filefind ==========

Searching for "*AppsHat*"
C:\Qoobox\Quarantine\Registry_backups\AddRemove-AppsHat Mobile Apps.reg.dat    --a---- 922 bytes    [23:31 09/11/2013]    [23:31 09/11/2013] 7E36FFC3EDFC0A3819AC2B66A5BDDBA4

========== folderfind ==========

Searching for "*AppsHat*"
No folders found.

========== regfind ==========

Searching for "*AppsHat*"
No data found.

-= EOF =-
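The ComboFix log posted in the next reply has a "Reg Loading Points" section that lists autostart entries in the standard `"Name"="path" [date size]` form, with `[BU]` marking entries whose file is no longer on disk, and DWORD policy values such as `"LoadAppInit_DLLs"=1 (0x1)`. The following is an added example, not code from the thread or from the ComboFix tool: it parses that block and attaches the review notes a responder would apply first (orphaned entries, binaries launched from user-writable paths or non-standard drives, and AppInit DLL loading switched on). The sample input is a constructed selection of lines copied from that log; the `Entry` type, the `parse_loading_points` and `triage` functions and the triage heuristics are this example's own, not ComboFix's.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: a handful of lines copied from the "Reg Loading
# Points" section of the ComboFix log in reply #14 (paths are the poster's;
# the selection is ours, made for illustration).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPN Notifier"="c:\program files (x86)\Lock Poker\PokerNotifier.exe" [BU]
"uTorrent"="c:\users\nazanda\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-13 1385808]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
"StartCCC"="d:\c programs extention\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "Name"="path" [YYYY-MM-DD size]   or   "Name"="path" [BU]  (file missing on disk)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<tag>[^\]]*)\]$')
# "Name"= 1 (0x1)   (DWORD policy value)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9A-Fa-f]+\)$')


@dataclass
class Entry:
    key: str                      # registry key the line was listed under
    name: str                     # value name
    path: Optional[str] = None    # set for Run-style entries
    value: Optional[int] = None   # set for DWORD values
    file_missing: bool = False    # ComboFix's [BU] marker: no file on disk
    findings: List[str] = field(default_factory=list)


def parse_loading_points(text: str) -> List[Entry]:
    """Parse the key and value lines of a ComboFix 'Reg Loading Points' block."""
    entries: List[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix separates groups with "."
            continue
        if m := KEY_RE.match(line):
            key = m["key"]
            continue
        if m := RUN_RE.match(line):
            entries.append(Entry(key, m["name"], path=m["path"],
                                 file_missing=(m["tag"].strip() == "BU")))
        elif m := DWORD_RE.match(line):
            entries.append(Entry(key, m["name"], value=int(m["val"])))
    return entries


# Path fragments that an ordinary user account can write to (heuristic, ours).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review notes and return only the entries that earned one."""
    for e in entries:
        if e.path is not None:
            p = e.path.lower()
            if e.file_missing:
                e.findings.append("autostart points at a file that no longer exists ([BU]); orphaned entry")
            if any(marker in p for marker in USER_WRITABLE):
                e.findings.append("launches from a user-writable location; verify publisher and hash")
            if not p.startswith("c:\\program files") and not p.startswith("c:\\windows"):
                e.findings.append("path outside Program Files/Windows; confirm it is a known install")
        elif e.name.lower() == "loadappinit_dlls" and e.value == 1:
            e.findings.append("AppInit_DLLs loading is enabled: DLLs named in AppInit_DLLs are loaded "
                              "into processes that load user32.dll; review that value")
    return [e for e in entries if e.findings]


if __name__ == "__main__":
    for e in triage(parse_loading_points(SAMPLE_LOG)):
        print(f"{e.name!r} under {e.key}")
        for note in e.findings:
            print("  -", note)
```

On the sample above the orphaned "CPN Notifier" entry, the AppData-resident uTorrent entry, the D:-drive "StartCCC" entry and the `LoadAppInit_DLLs` value are reported; Skype and the Avast UI entry, which live under Program Files and have files on disk, pass through silently. The heuristics are deliberately coarse: they order the reviewer's attention, they do not declare anything malicious.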



#14 raror


Posted 11 January 2015 - 07:11 PM

ComboFix 15-01-08.01 - nazanda 01/12/2015   1:40.8.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.32720.29202 [GMT 2:00]
Running from: c:\users\nazanda\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
I:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-11 to 2015-01-11  )))))))))))))))))))))))))))))))
.
.
2015-01-11 23:47 . 2015-01-11 23:47    --------    d-----w-    c:\users\Public\AppData\Local\temp
2015-01-11 23:47 . 2015-01-11 23:47    --------    d-----w-    c:\users\postgres\AppData\Local\temp
2015-01-11 23:47 . 2015-01-11 23:47    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2015-01-11 23:47 . 2015-01-11 23:47    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-01-08 03:34 . 2015-01-08 03:34    --------    d-----w-    c:\users\nazanda\AppData\Local\Foxit Reader
2015-01-05 21:26 . 2015-01-11 06:17    --------    d-----w-    C:\FRST
2015-01-05 14:08 . 2015-01-05 14:08    --------    d-----w-    c:\windows\SysWow64\Adobe
2015-01-05 13:59 . 2015-01-05 16:25    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-05 13:59 . 2015-01-05 16:25    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-03 08:05 . 2015-01-03 08:05    --------    d-sh--w-    c:\programdata\ms-drivers
2015-01-03 08:05 . 2015-01-03 08:05    --------    d-sh--w-    c:\programdata\icsxml
2015-01-03 08:05 . 2015-01-03 08:05    --------    d-sh--w-    c:\programdata\DIBsection
2015-01-03 08:05 . 2015-01-03 08:05    --------    d-sh--w-    c:\users\nazanda\AppData\Local\icsxml
2015-01-03 07:58 . 2015-01-03 07:58    --------    d-----w-    c:\windows\AssetManage Enterprise
2014-12-31 12:22 . 2014-12-31 12:23    --------    d-----w-    c:\windows\rescache
2014-12-30 14:14 . 2014-12-13 05:09    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-12-30 14:14 . 2014-12-13 03:33    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-12-29 14:42 . 2014-12-29 14:42    --------    d-----w-    c:\windows\system32\appraiser
2014-12-29 06:20 . 2014-12-04 02:50    413184    ----a-w-    c:\windows\system32\generaltel.dll
2014-12-29 06:20 . 2014-12-04 02:50    741376    ----a-w-    c:\windows\system32\invagent.dll
2014-12-29 06:20 . 2014-12-04 02:50    396800    ----a-w-    c:\windows\system32\devinv.dll
2014-12-29 06:20 . 2014-12-04 02:50    227328    ----a-w-    c:\windows\system32\aepdu.dll
2014-12-29 06:20 . 2014-12-04 02:50    192000    ----a-w-    c:\windows\system32\aepic.dll
2014-12-29 06:20 . 2014-12-04 02:44    1083392    ----a-w-    c:\windows\system32\aeinv.dll
2014-12-29 06:20 . 2014-12-01 23:28    1232040    ----a-w-    c:\windows\system32\aitstatic.exe
2014-12-28 10:30 . 2014-12-28 10:30    --------    d-----w-    c:\program files\UnCleaner
2014-12-27 03:23 . 2013-09-20 08:49    21040    ----a-w-    c:\windows\system32\sdnclean64.exe
2014-12-27 03:05 . 2014-12-27 10:11    --------    d-----w-    c:\programdata\Kaspersky Lab
2014-12-25 05:38 . 2014-12-25 05:38    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-12-25 05:38 . 2014-12-25 05:38    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-25 05:13 . 2014-10-18 01:33    3209728    ----a-w-    c:\windows\SysWow64\mf.dll
2014-12-25 05:13 . 2014-07-07 02:06    206848    ----a-w-    c:\windows\system32\mfps.dll
2014-12-25 05:13 . 2014-07-07 02:06    55808    ----a-w-    c:\windows\system32\rrinstaller.exe
2014-12-25 05:13 . 2014-07-07 02:06    24576    ----a-w-    c:\windows\system32\mfpmp.exe
2014-12-25 05:13 . 2014-07-07 02:02    2048    ----a-w-    c:\windows\system32\mferror.dll
2014-12-25 05:13 . 2014-07-07 01:40    103424    ----a-w-    c:\windows\SysWow64\mfps.dll
2014-12-25 05:13 . 2014-07-07 01:39    50176    ----a-w-    c:\windows\SysWow64\rrinstaller.exe
2014-12-25 05:13 . 2014-07-07 01:39    23040    ----a-w-    c:\windows\SysWow64\mfpmp.exe
2014-12-25 05:13 . 2014-07-07 01:37    2048    ----a-w-    c:\windows\SysWow64\mferror.dll
2014-12-25 05:13 . 2014-10-18 02:05    4121600    ----a-w-    c:\windows\system32\mf.dll
2014-12-25 05:12 . 2014-12-25 05:12    --------    d-----w-    c:\program files (x86)\Microsoft ASP.NET
2014-12-25 05:10 . 2014-10-30 02:03    165888    ----a-w-    c:\windows\system32\charmap.exe
2014-12-25 05:10 . 2014-10-30 01:45    155136    ----a-w-    c:\windows\SysWow64\charmap.exe
2014-12-23 05:18 . 2014-12-23 05:18    --------    d-----w-    c:\users\nazanda\AppData\Local\tweetdeckbytwitter-e94bb33e3aa669cef24d6426e26382fc
2014-12-23 05:17 . 2014-12-23 05:18    --------    d-----w-    c:\users\nazanda\AppData\Roaming\tweetdeckbytwitter-e94bb33e3aa669cef24d6426e26382fc
2014-12-14 21:18 . 2014-12-14 21:18    --------    d-----w-    c:\users\nazanda\AppData\Local\TeamViewer
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-11 23:25 . 2014-07-15 15:43    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-30 05:42 . 2013-09-10 18:47    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-12-30 05:42 . 2013-09-10 18:46    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-12-29 03:02 . 2013-09-26 12:57    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-12-29 03:02 . 2013-09-26 12:57    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-11-27 14:40 . 2013-07-11 18:08    112710672    ----a-w-    c:\windows\system32\MRT.exe
2014-11-22 16:18 . 2013-09-28 07:30    1050432    ----a-w-    c:\windows\system32\drivers\aswsnx.sys
2014-11-21 15:43 . 2014-11-21 15:43    364512    ----a-w-    c:\windows\system32\aswBoot.exe
2014-11-21 15:43 . 2014-11-21 15:43    43152    ----a-w-    c:\windows\avastSS.scr
2014-11-21 15:43 . 2014-06-25 08:12    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-11-21 15:43 . 2013-12-28 19:49    116728    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-11-21 15:43 . 2013-09-28 07:30    436624    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-11-21 15:43 . 2013-09-28 07:30    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-11-21 15:43 . 2013-09-28 07:30    83280    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-11-21 15:43 . 2013-09-28 07:30    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-11-21 15:43 . 2013-09-28 07:30    267632    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-11-21 15:43 . 2013-09-28 07:30    28184    ----a-w-    c:\windows\system32\drivers\aswKbd.sys
2014-11-21 15:43 . 2014-11-21 15:43    449936    ----a-w-    c:\windows\system32\drivers\aswNdisFlt.sys
2014-11-21 04:14 . 2014-07-15 15:43    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-11-21 04:14 . 2013-10-24 13:43    93400    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 04:14 . 2014-02-14 05:15    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-11-21 02:44 . 2014-11-21 02:44    78432    ----a-w-    c:\windows\system32\atimpc64.dll
2014-11-21 02:44 . 2014-11-21 02:44    78432    ----a-w-    c:\windows\system32\amdpcom64.dll
2014-11-21 02:44 . 2014-11-21 02:44    71704    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2014-11-21 02:44 . 2014-11-21 02:44    71704    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2014-11-21 02:44 . 2014-04-18 02:43    144328    ----a-w-    c:\windows\system32\atiuxp64.dll
2014-11-21 02:44 . 2014-09-15 22:31    126848    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2014-11-21 02:44 . 2014-04-18 02:42    118096    ----a-w-    c:\windows\system32\atiu9p64.dll
2014-11-21 02:44 . 2014-04-18 02:42    100032    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2014-11-21 02:44 . 2014-04-18 02:42    1348928    ----a-w-    c:\windows\system32\aticfx64.dll
2014-11-21 02:44 . 2014-04-18 02:42    1127496    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2014-11-21 02:44 . 2014-04-18 02:42    11076784    ----a-w-    c:\windows\system32\atidxx64.dll
2014-11-21 02:44 . 2014-09-15 22:31    9401480    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2014-11-21 02:43 . 2014-04-18 02:42    7558816    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2014-11-21 02:43 . 2014-04-18 02:42    7077776    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2014-11-21 02:43 . 2014-04-18 02:42    8379720    ----a-w-    c:\windows\system32\atiumd6a.dll
2014-11-21 02:43 . 2014-04-18 02:42    8369408    ----a-w-    c:\windows\system32\atiumd64.dll
2014-11-21 02:41 . 2014-11-21 02:41    294600    ----a-w-    c:\windows\system32\drivers\amdacpksd.sys
2014-11-21 02:40 . 2014-11-21 02:40    18959360    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2014-11-21 02:33 . 2014-11-21 02:33    235008    ----a-w-    c:\windows\system32\clinfo.exe
2014-11-21 02:33 . 2014-11-21 02:33    98816    ----a-w-    c:\windows\system32\OpenVideo64.dll
2014-11-21 02:33 . 2014-11-21 02:33    83456    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2014-11-21 02:33 . 2014-11-21 02:33    86528    ----a-w-    c:\windows\system32\OVDecode64.dll
2014-11-21 02:33 . 2014-11-21 02:33    73216    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2014-11-21 02:33 . 2014-11-21 02:33    47899136    ----a-w-    c:\windows\system32\amdocl64.dll
2014-11-21 02:32 . 2014-11-21 02:32    40987136    ----a-w-    c:\windows\SysWow64\amdocl.dll
2014-11-21 02:31 . 2014-11-21 02:31    65024    ----a-w-    c:\windows\system32\OpenCL.dll
2014-11-21 02:31 . 2014-11-21 02:31    58880    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2014-11-21 02:24 . 2014-11-21 02:24    28354560    ----a-w-    c:\windows\system32\atio6axx.dll
2014-11-21 02:19 . 2014-11-21 02:19    23621632    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2014-11-21 02:19 . 2014-11-21 02:19    49664    ----a-w-    c:\windows\system32\amdmmcl6.dll
2014-11-21 02:19 . 2014-11-21 02:19    38912    ----a-w-    c:\windows\SysWow64\amdmmcl.dll
2014-11-21 02:18 . 2014-11-21 02:18    127488    ----a-w-    c:\windows\system32\mantle64.dll
2014-11-21 02:18 . 2014-11-21 02:18    113664    ----a-w-    c:\windows\SysWow64\mantle32.dll
2014-11-21 02:18 . 2014-11-21 02:18    5837312    ----a-w-    c:\windows\system32\amdmantle64.dll
2014-11-21 02:17 . 2014-11-21 02:17    367104    ----a-w-    c:\windows\system32\atiapfxx.exe
2014-11-21 02:17 . 2014-11-21 02:17    62464    ----a-w-    c:\windows\system32\aticalrt64.dll
2014-11-21 02:17 . 2014-11-21 02:17    52224    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2014-11-21 02:16 . 2014-11-21 02:16    55808    ----a-w-    c:\windows\system32\aticalcl64.dll
2014-11-21 02:16 . 2014-11-21 02:16    49152    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2014-11-21 02:16 . 2014-11-21 02:16    15716352    ----a-w-    c:\windows\system32\aticaldd64.dll
2014-11-21 02:16 . 2014-11-21 02:16    14302208    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2014-11-21 02:15 . 2014-11-21 02:15    4590592    ----a-w-    c:\windows\SysWow64\amdmantle32.dll
2014-11-21 02:13 . 2014-11-21 02:13    91648    ----a-w-    c:\windows\system32\mantleaxl64.dll
2014-11-21 02:13 . 2014-11-21 02:13    85504    ----a-w-    c:\windows\SysWow64\mantleaxl32.dll
2014-11-21 02:12 . 2014-11-21 02:12    31232    ----a-w-    c:\windows\system32\atimuixx.dll
2014-11-21 02:12 . 2014-04-18 01:30    442368    ----a-w-    c:\windows\system32\atidemgy.dll
2014-11-21 02:12 . 2014-11-21 02:12    774656    ----a-w-    c:\windows\system32\atieclxx.exe
2014-11-21 02:12 . 2014-11-21 02:12    244736    ----a-w-    c:\windows\system32\atiesrxx.exe
2014-11-21 02:12 . 2014-11-21 02:12    190976    ----a-w-    c:\windows\system32\atitmm64.dll
2014-11-21 02:10 . 2014-11-21 02:10    843776    ----a-w-    c:\windows\system32\coinst_14.50.dll
2014-11-21 02:09 . 2014-04-18 01:09    1214976    ----a-w-    c:\windows\system32\atiadlxx.dll
2014-11-21 02:09 . 2014-11-21 02:09    903168    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2014-11-21 02:09 . 2014-11-21 02:09    75264    ----a-w-    c:\windows\system32\atig6pxx.dll
2014-11-21 02:09 . 2014-11-21 02:09    69632    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2014-11-21 02:09 . 2014-11-21 02:09    69632    ----a-w-    c:\windows\system32\atiglpxx.dll
2014-11-21 02:08 . 2014-11-21 02:08    146944    ----a-w-    c:\windows\system32\atig6txx.dll
2014-11-21 02:08 . 2014-11-21 02:08    133632    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2014-11-21 02:08 . 2014-11-21 02:08    589312    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2014-11-21 02:08 . 2014-11-21 02:08    43520    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2014-11-20 19:36 . 2014-11-20 19:36    51200    ----a-w-    c:\windows\system32\kdbsdk64.dll
2014-11-20 19:35 . 2014-11-20 19:35    38912    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
2014-11-19 02:31 . 2014-11-19 02:31    1217192    ----a-w-    c:\windows\SysWow64\FM20.DLL
2014-11-11 03:08 . 2014-12-03 04:00    241152    ----a-w-    c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-12-03 04:00    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-03 04:00    186880    ----a-w-    c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-12-03 04:00    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-10-25 01:57 . 2014-12-03 04:00    77824    ----a-w-    c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-12-03 04:00    67584    ----a-w-    c:\windows\SysWow64\packager.dll
2014-10-21 20:19 . 2014-10-21 20:19    1563664    ----a-w-    c:\windows\SysWow64\cmll20bc.llx
2014-10-21 20:19 . 2014-10-21 20:19    1316880    ----a-w-    c:\windows\SysWow64\cmmx20.dll
2014-10-21 20:19 . 2014-10-21 20:19    1007120    ----a-w-    c:\windows\SysWow64\cmut20.dll
2014-10-21 20:19 . 2014-10-21 20:19    5998408    ----a-w-    c:\windows\SysWow64\cmll20xl.dll
2014-10-21 20:19 . 2014-10-21 20:19    583184    ----a-w-    c:\windows\SysWow64\cmll20pw.llx
2014-10-21 20:19 . 2014-10-21 20:19    3350032    ----a-w-    c:\windows\SysWow64\cmls20.dll
2014-10-21 20:19 . 2014-10-21 20:19    7571992    ----a-w-    c:\windows\SysWow64\cmll20ht.llx
2014-10-21 20:19 . 2014-10-21 20:19    5315984    ----a-w-    c:\windows\SysWow64\cmll20oc.llx
2014-10-21 20:19 . 2014-10-21 20:19    7288336    ----a-w-    c:\windows\SysWow64\cmll20ex.llx
2014-10-21 20:19 . 2014-10-21 20:19    1221648    ----a-w-    c:\windows\SysWow64\cmdw20.dll
2014-10-21 20:19 . 2014-10-21 20:19    11880976    ----a-w-    c:\windows\SysWow64\cmll20.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPN Notifier"="c:\program files (x86)\Lock Poker\PokerNotifier.exe" [BU]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"IVONA ControlCenter"="c:\program files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2012-11-07 2172864]
"uTorrent"="c:\users\nazanda\AppData\Roaming\uTorrent\uTorrent.exe" [2014-11-13 1385808]
"Azureus"="c:\program files (x86)\Vuze\Azureus.exe" [2014-08-12 271160]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"Clownfish"="c:\program files (x86)\Clownfish\Clownfish.exe" [2014-11-28 1329408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-09 5015040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"UIExec"="c:\program files (x86)\GLOBUL Connection Manager\UIExec.exe" [2011-08-15 153424]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2013-06-18 1694080]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-06-19 5524336]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"StartCCC"="d:\c programs extention\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-11-20 767176]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"SDTray"="d:\c programs extention\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
c:\users\nazanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
IVONA Reader.exe - Shortcut.lnk - c:\program files (x86)\IVONA\IVONA Reader\IVONA Reader.exe [2012-2-9 1340264]
new youtube acc.txt - Shortcut.lnk - c:\users\nazanda\Desktop\new youtube acc.txt [2014-9-21 5095]
probni bookmarkove (delete if you want) - Shortcut.lnk - f:\programi\firefox\IMPORTANT firefox\probni bookmarkove (delete if you want) [2014-9-30] [Folder]
thunderbird.exe - Shortcut.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2013-8-18 389744]
TweetDeck.lnk - c:\program files (x86)\Twitter\TweetDeck\TweetDeck.exe [2013-11-1 360952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\c programs extention\Spybot - Search & Destroy 2\SDFSSvc.exe;d:\c programs extention\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;d:\c programs extention\Spybot - Search & Destroy 2\SDUpdSvc.exe;d:\c programs extention\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\c programs extention\Spybot - Search & Destroy 2\SDWSCSvc.exe;d:\c programs extention\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 PSMounterEx;Macrium Reflect Image Explorer Driver;c:\windows\system32\drivers\psmounterex.sys;c:\windows\SYSNATIVE\drivers\psmounterex.sys [x]
R3 PSVolAcc;PSVolAcc; [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;f:\programi\pc stats\RealTemp_370\WinRing0x64.sys;f:\programi\pc stats\RealTemp_370\WinRing0x64.sys [x]
R3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\DRIVERS\zte_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cdc_acm.sys [x]
R3 zte_cpo;ZTE All Install;c:\windows\system32\DRIVERS\zte_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cpo.sys [x]
R4 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [x]
R4 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [x]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w;c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 -D c:/postgreSQL/data -w [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 Synergy;Synergy;c:\program files\Synergy\synergyd.exe;c:\program files\Synergy\synergyd.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\GLOBUL Connection Manager\AssistantServices.exe;c:\program files (x86)\GLOBUL Connection Manager\AssistantServices.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 11:04    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-01 c:\windows\Tasks\Backup of C xml.job
- c:\program files\Macrium\Reflect\Reflect.exe [2014-08-17 13:56]
.
2015-01-11 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1315861483-2587834430-1896926071-1000.job
- c:\users\nazanda\AppData\Local\Citrix\GoToMeeting\2185\g2mupdate.exe [2015-01-11 00:32]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 00:07]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-11 00:07]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315861483-2587834430-1896926071-1000Core.job
- c:\users\nazanda\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-18 12:15]
.
2015-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1315861483-2587834430-1896926071-1000UA.job
- c:\users\nazanda\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-18 12:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-21 15:43    860984    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-13 441968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-13 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-13 399984]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 93.152.178.254 93.152.160.5
FF - ProfilePath - c:\users\nazanda\AppData\Roaming\Mozilla\Firefox\Profiles\4hz6f8cz.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Onboard - c:\program files\Western Digital\WD SmartWare\BackupTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="c:/postgreSQL/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"c:/postgreSQL/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-H9NA-2YTQ-62XA-P7JM-CRSP-ZF32G7H"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-01-12  01:59:19
ComboFix-quarantined-files.txt  2015-01-11 23:59
ComboFix2.txt  2014-03-30 17:27
ComboFix3.txt  2014-02-17 01:55
ComboFix4.txt  2013-11-09 23:32
ComboFix5.txt  2014-07-15 15:00
.
Pre-Run: 5,843,021,824 bytes free
Post-Run: 5,880,020,992 bytes free
.
- - End Of File - - EC065D40CA22C3046FE35E0BAB37BA9A
8F558EB6672622401DA993E1E865C861
 



#15 raror

raror
  • Topic Starter
  • Members
  • 123 posts
  • Gender:Male

Posted 11 January 2015 - 07:15 PM

I have no idea what this I:/install.exe on I is supposed to be. I don't remember installing a program on I, and I don't usually install anything that way. Plus I'm seeing all these other files on there:

eula.1028.txt
eula.2052.txt
install.res.1033.dll
install.res.1041.dll
VC_RED.cab
VC_RED.msi
vcredist.bmp
globdata.ini
install.ini

Also, when I ran ComboFix, I had thought ending the processes related to Spybot was enough, but apparently they start up by themselves again, so when ComboFix said twice that my Spybot was still running, I restarted my PC and ran ComboFix again (there's no option to stop ComboFix and try to disable the programs).

Now Internet Explorer was going unresponsive after that; could those things go together somehow? I've never seen Internet Explorer not responding with over 2 tabs and nothing else running, although I guess it recently updated to IE11 or something.


Edited by raror, 11 January 2015 - 07:50 PM.




