
Xoceansessivellidhelper.exe


  • This topic is locked
22 replies to this topic

#1 grumpyhumpy


Posted 07 January 2015 - 08:24 AM

Has anyone come across this? It looks like it is adware which sets a manual proxy pointing to itself (managed to stop the service and turn off the manual proxy setting), but I can't find any reference to it on the net.
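
The symptom described in the first post, a manual proxy that points back at the local machine and is backed by a service, can be checked from PowerShell. This is an added example, not part of the original thread; the function name `Get-LoopbackProxyEntry` and the sample `ProxyServer` strings are constructed for illustration.

```powershell
# Added example (not from the thread): detect a WinINET manual proxy that points
# at the local machine and show which process/service listens on that port.
# Requires Windows 8 / Server 2012 or later for Get-NetTCPConnection.

function Get-LoopbackProxyEntry {
    param([int]$ProxyEnable, [string]$ProxyServer)

    # ProxyEnable = 1 means the manual proxy is switched on.
    if ($ProxyEnable -ne 1 -or [string]::IsNullOrWhiteSpace($ProxyServer)) { return }

    # ProxyServer is "host:port" for all protocols, or a per-protocol list
    # such as "http=host:port;https=host:port".
    foreach ($entry in ($ProxyServer -split ';')) {
        $entry = $entry.Trim()
        if (-not $entry) { continue }

        $scheme = 'all'
        if ($entry -match '^(?<s>[a-z]+)=(?<rest>.+)$') {
            $scheme = $Matches['s']
            $entry  = $Matches['rest']
        }
        $entry = $entry -replace '^[a-z]+://', ''   # tolerate "http://host:port"

        if ($entry -match '^(?<h>\[[^\]]+\]|[^:\s]+)(?::(?<p>\d+))?$') {
            $proxyHost = $Matches['h'].Trim('[', ']')
            $port = if ($Matches.ContainsKey('p')) { [int]$Matches['p'] } else { $null }

            $ip = $null
            $isLoopback = ($proxyHost -eq 'localhost') -or
                ([System.Net.IPAddress]::TryParse($proxyHost, [ref]$ip) -and
                 [System.Net.IPAddress]::IsLoopback($ip))

            if ($isLoopback) {
                [pscustomobject]@{ Scheme = $scheme; ProxyHost = $proxyHost; Port = $port }
            }
        }
    }
}

# Constructed sample values (not taken from the thread) to show the parser:
Get-LoopbackProxyEntry -ProxyEnable 1 -ProxyServer 'http=127.0.0.1:8877;https=localhost:8877'
Get-LoopbackProxyEntry -ProxyEnable 1 -ProxyServer 'proxy.example.internal:3128'   # not loopback
Get-LoopbackProxyEntry -ProxyEnable 0 -ProxyServer '127.0.0.1:8877'                # proxy disabled

# Live check against the current user's Internet Settings.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cfg = Get-ItemProperty -Path $key
$ports = Get-LoopbackProxyEntry -ProxyEnable $cfg.ProxyEnable -ProxyServer $cfg.ProxyServer |
    Where-Object { $_.Port } |
    Select-Object -ExpandProperty Port -Unique

foreach ($port in $ports) {
    # Which process owns the listening socket the proxy setting points at?
    $procIds = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty OwningProcess -Unique

    foreach ($procId in $procIds) {
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
        $svc  = @(Get-CimInstance Win32_Service -Filter "ProcessId = $procId")
        [pscustomobject]@{
            ProxyPort   = $port
            ProcessId   = $procId
            Image       = $proc.ExecutablePath
            Services    = $svc.Name -join ', '
            ServicePath = $svc.PathName -join ' | '
        }
    }
}
```

The script only reads settings and socket state; run it elevated if the listener belongs to a service running under another account, otherwise the image path may come back empty.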





#2 seedy21

  • Malware Response Team

Posted 07 January 2015 - 03:16 PM

Hello grumpyhumpy

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Has anyone come across this?

 
I haven't seen this file before and would like you to upload me a copy of it.
 
Step 1
 
We need to submit a malware sample to BleepingComputer

Open up your Internet Browser and go to the following address:-

http://www.bleepingcomputer.com/submit-malware.php?channel=179

You will need to do the following:-

  • In the Link to topic where this file was requested: please copy the link to this topic and paste it in the text box
  • In Browse to the file you want to submit: Click Browse and locate the following file Xoceansessivellidhelper.exe
  • Click Submit

In your next reply, please let me know if you have completed this or if you have any issues uploading the sample.

 
Step 2

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
installedprogs;
process;
services-list;
filesrcm;
srinfo;
emptyfolderscheck;
startupall;
firefoxlook;
chromelook;
skipfix-iedefaults;
msconfigcheck;
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar!
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 grumpyhumpy


Posted 08 January 2015 - 05:04 AM

Hi Seedy21, thanks, file posted.



#4 grumpyhumpy


Posted 08 January 2015 - 05:20 AM

Hi Seedy21, logfile posted, too.



#5 seedy21

  • Malware Response Team

Posted 08 January 2015 - 11:26 AM

Hi GrumpyHumpy

 

From now onwards please post the contents of the log in your next reply to this topic.

 

I will need some time to look at the file you have uploaded and look at the Zoek Report.

 

Zoek.exe v5.0.0.0 Updated 31-12-2014
Tool run by Julian on 08/01/2015 at 10:05:56.71.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Julian\Downloads\zoek.exe    [Scan all users] [Script inserted]

==== System Restore Info ======================

08/01/2015 10:08:15 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Amazon
C:\PROGRA~2\COMMON~1\Symantec Shared
C:\PROGRA~3\AltiumDesignerSummer09_ViewerSecurity
C:\PROGRA~3\Canon IJ Network Tool
C:\PROGRA~3\NVIDIA
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
C:\Users\Julian\AppData\Roaming\webex
C:\Users\Admin\AppData\Local\VirtualStore
C:\Users\Julian\AppData\Local\cache
C:\Users\Julian\AppData\Local\offsync

==== Installed Programs ======================

7-Zip 9.21  
7-Zip 9.22 (x64 edition)  
7-Zip 9.22beta  
Absolute Reminder  
Adobe Creative Cloud  
Adobe Flash Player 15 Plugin  
Adobe Flash Player 16 PPAPI  
Adobe Photoshop Elements 11  
Adobe Reader X (10.1.13) MUI  
Adobe Refresh Manager  
AllSharePlayLink  
Altium Designer Summer 09 Viewer  
AMD Accelerated Video Transcoding  
AMD Catalyst Control Center  
AMD Catalyst Install Manager  
Apple Application Support  
Apple Software Update  
AudibleManager  
Avast Free Antivirus  
BBC iPlayer Downloads  
Bitcasa version 1.1.6.18  
Build Tools - amd64  
Build Tools - x86  
Build Tools Language Resources - amd64  
Build Tools Language Resources - x86  
Canon IJ Network Scanner Selector EX  
Canon IJ Network Tool  
Canon MG6200 series MP Drivers  
Canon MP Navigator EX 5.0  
Canon Solution Menu EX  
Catalyst Control Center - Branding  
Catalyst Control Center InstallProxy  
Catalyst Control Center Localization All  
Catalyst Control Center Profiles Mobile  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
Cisco WebEx Meetings  
Citrix Online Launcher  
CMake 2.8, a cross-platform, open-source build system  
CodeBlocks  
Cyberduck 4.4.3 (14140)  
CyberLink PowerDVD 10  
Cytoscape 3.1.0  
D3DX10  
DAEMON Tools Lite  
DEFIANCE  
DefianceRuntimes  
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition  
DesignSpark Mechanical 1.0  
DesignSpark PCB 6.1  
DesignSpark PCB Version 6.1  
DisplayLink Core Software  
DisplayLink Graphics  
Document Express DjVu Plug-in  
DraftSight x64  
Dropbox  
E-POP  
Easy File Share  
eDrawings 2014 x64  
Elements 11 Organizer  
Entity Framework Tools for Visual Studio 2013  
ETDWare X64 11.7.19.9_WHQL  
Evernote v. 5.4  
Express Accounts  
Express Burn  
Express Invoice  
FileFort Backup  
FlameRobin 0.9.3  
Fotogalerie  
Free Flash FLV Video Converter v3.0  
Galerie de photos  
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit)  
Gephi 0.8.2  
Git version 1.8.4-preview20130916  
GitHub  
Google Chrome  
Google Chrome Canary  
Google Drive  
Google Earth  
Google Toolbar for Internet Explorer  
Google Update Helper  
GoToMeeting 7.0.5.2152  
Graphite V9 SP0  
Help Desk  
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)  
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)  
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)  
Intel AppUp® center  
Intel® Manageability Engine Firmware Recovery Agent  
Intel® Management Engine Components  
Intel® Processor Graphics  
Intel® PROSet/Wireless for Bluetooth® + High Speed  
Intel® PROSet/Wireless Software for Bluetooth® Technology  
Intel® Rapid Storage Technology  
Intel® SDK for OpenCL - CPU Only Runtime Package  
Intel® WiDi  
Intel® PROSet/Wireless Software  
Intel® Trusted Connect Service Client  
IntelliMemory  
Inventoria Stock Manager  
IPSetup version 2.0.0.0  
Java 7 Update 67  
Java 8 Update 25  
Java Auto Updater  
jv16 PowerTools 2014  
LastPass (uninstall only)  
Leap Motion Software  
LinuxLive USB Creator  
MEO Encryption Software  
Microsoft .NET Compact Framework 2.0 SP2  
Microsoft .NET Compact Framework 3.5  
Microsoft .NET Framework 4 Multi-Targeting Pack  
Microsoft .NET Framework 4.5 Multi-Targeting Pack  
Microsoft .NET Framework 4.5 SDK  
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack  
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)  
Microsoft .NET Framework 4.5.1 SDK  
Microsoft Application Error Reporting  
Microsoft C++ REST SDK for Visual Studio 2013  
Microsoft Device Emulator (64 bit) version 3.0 - ENU  
Microsoft Document Explorer 2008  
Microsoft Help Viewer 1.0  
Microsoft Help Viewer 2.1  
Microsoft Lync 2010  
Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop  
Microsoft Office 2007 Service Pack 3 (SP3)  
Microsoft Office Access MUI (English) 2010  
Microsoft Office Access Setup Metadata MUI (English) 2010  
Microsoft Office Excel MUI (English) 2010  
Microsoft Office Groove MUI (English) 2010  
Microsoft Office InfoPath MUI (English) 2010  
Microsoft Office Office 64-bit Components 2010  
Microsoft Office OneNote MUI (English) 2010  
Microsoft Office Outlook MUI (English) 2010  
Microsoft Office PowerPoint MUI (English) 2010  
Microsoft Office Professional Plus 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (English) 2010  
Microsoft Office Publisher MUI (English) 2010  
Microsoft Office Shared 64-bit MUI (English) 2010  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010  
Microsoft Office Shared MUI (English) 2007  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2007  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)  
Microsoft Office Visual Web Developer 2007  
Microsoft Office Visual Web Developer MUI (English) 2007  
Microsoft Office Word MUI (English) 2010  
Microsoft Silverlight  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft SQL Server 2008 (64-bit)  
Microsoft SQL Server 2008 Browser  
Microsoft SQL Server 2008 Common Files  
Microsoft SQL Server 2008 Database Engine Services  
Microsoft SQL Server 2008 Database Engine Shared  
Microsoft SQL Server 2008 Native Client  
Microsoft SQL Server 2008 RsFx Driver  
Microsoft SQL Server 2008 Setup Support Files   
Microsoft SQL Server 2012 Command Line Utilities   
Microsoft SQL Server 2012 Data-Tier App Framework   
Microsoft SQL Server 2012 Data-Tier App Framework  (x64)  
Microsoft SQL Server 2012 Express LocalDB   
Microsoft SQL Server 2012 Management Objects   
Microsoft SQL Server 2012 Management Objects  (x64)  
Microsoft SQL Server 2012 Native Client   
Microsoft SQL Server 2012 Setup (English)  
Microsoft SQL Server 2012 T-SQL Language Service   
Microsoft SQL Server 2012 Transact-SQL ScriptDom   
Microsoft SQL Server Compact 3.5 Design Tools ENU  
Microsoft SQL Server Compact 3.5 for Devices ENU  
Microsoft SQL Server Compact 3.5 SP2 ENU  
Microsoft SQL Server Compact 3.5 SP2 x64 ENU  
Microsoft SQL Server Compact 4.0 SP1 x64 ENU  
Microsoft SQL Server Data Tools - enu (12.0.30919.1)  
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)  
Microsoft SQL Server Native Client  
Microsoft SQL Server Setup Support Files (English)  
Microsoft SQL Server VSS Writer  
Microsoft System CLR Types for SQL Server 2012  
Microsoft System CLR Types for SQL Server 2012 (x64)  
Microsoft Team Foundation Server 2013 Object Model (x64)  
Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU  
Microsoft Visual C++  x64 Libraries  
Microsoft Visual C++  x86 Libraries  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010 Express - ENU  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2013 32bit Compilers - ENU Resources  
Microsoft Visual C++ 2013 Core Libraries  
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005  
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86-x64 Compilers  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Microsoft Visual Studio 2005 Tools for Office Runtime  
Microsoft Visual Studio 2008 Professional Edition - ENU  
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU  
Microsoft Visual Studio 2013 Express Prerequisites x64 - ENU  
Microsoft Visual Studio 2013 Preparation  
Microsoft Visual Studio 2013 Shell (Minimum)  
Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies  
Microsoft Visual Studio 2013 Shell (Minimum) Resources  
Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU  
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU  
Microsoft Visual Studio Express 2013 for Windows Desktop  
Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core  
Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources  
Microsoft Visual Studio Web Authoring Component  
Microsoft XNA Framework Redistributable 4.0  
Miro Video Converter  
Mobile App Sync  
Movie Maker  
Mozilla Firefox 34.0 (x86 en-GB)  
Mozilla Maintenance Service  
MSVCRT  
MSVCRT110  
MSVCRT110_amd64  
MSXML 4.0 SP3 Parser  
Music Transfer  
Music Transfer 1.0  
MyDriveConnect 3.3.0.1342  
Nmap 5.61-Spiceworks  
Norton Online Backup  
Norton Online Backup ARA  
NVIDIA CUDA Documentation 5.5  
NVIDIA CUDA Samples 5.5  
NVIDIA CUDA Samples 6.5  
NVIDIA CUDA Toolkit 5.5  
NVIDIA CUDA Toolkit 6.5  
NVIDIA CUDA Visual Studio Integration 6.5  
NVIDIA GPU Deployment Kit 340.62  
NVIDIA Install Application  
NVIDIA Nsight Tegra v1.6, Visual Studio Edition  
NVIDIA Nsight Visual Studio Edition 4.1.0.14204  
NVIDIA PerfHUD ES Tegra  
NVIDIA Tegra Android Development Pack 3.0r3  
NVIDIA Tegra Graphics Debugger v1.1  
NVIDIA Tegra System Profiler v2.1  
NVIDIA Tools Extension SDK (NVTX) - 64 bit  
NVIDIA Virtual Audio 1.2.23  
O&O Syspectr  
OEM Application Profile  
Online Support(S Service)  
OpenMG Secure Module 5.0.00  
openobd  
OpenProj  
PagePlusX7ContentDeclaration  
PDC International  
PDF Architect  
PDFCreator  
Photo Common  
Photo Gallery  
Picasa 3  
Plants vs. Zombies  
PowerXpressHybrid  
Prerequisites for SSDT   
Prezi  
ProjectLibre  
PSE11 STI Installer  
PX Profile Update  
Quick Starter  
QuickTime 7  
Raccolta foto  
RealDownloader  
RealNetworks - Microsoft Visual C++ 2008 Runtime  
RealNetworks - Microsoft Visual C++ 2010 Runtime  
RealPlayer Cloud  
Realtek Card Reader  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
Realtime Landscaping Architect 2013 Trial  
RealUpgrade 1.1  
Recovery  
S Agent  
SADP  
Samsung Link  
Secure Download Manager  
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition  
Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition   
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition   
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition  
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition  
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition  
Serif PagePlus X7  
Serif WebPlus X6  
Serif WebPlus X7  
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)  
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition  
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)  
Settings  
SketchUp 2013  
SketchUp 8  
SkypeT 6.20  
SkyShellEx(x64)  
SmartDraw 2014  
SolidWorks eDrawings 2013 x64  
Spotify  
Spybot - Search & Destroy  
Sql Server Customer Experience Improvement Program  
SRS Premium Sound  
Support Center  
Support Center FAQ  
SW Update  
System Explorer 5.9.3  
Team Explorer for Microsoft Visual Studio 2013  
TeamViewer 10  
tools-windows  
Touchless For Windows  
TurboCASH4.5.2 - (Build 838)  
Update for  (KB2504637)  
Update for 2007 Microsoft Office System (KB967642)  
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition  
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition  
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition  
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition  
Update for Microsoft Office 2007 Help for Common Features (KB963673)  
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition  
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition  
Update for Microsoft Office Script Editor Help (KB963671)  
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition  
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition  
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition  
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition  
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition  
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition  
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)  
UpdateService  
User Guide  
VC Runtimes MSI  
Video Downloader  
video sanctuary 2.0  
VideoDownloaderUltimate  
Visual Studio .NET Prerequisites - English  
Visual Studio C++ 10.0 Runtime  
Visual Studio Tools for the Office system 3.0 Runtime  
VLC media player 2.1.3  
VMware Player  
Web Components  
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218)  
Windows Live  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Photo Common  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Mobile 5.0 SDK R2 for Pocket PC  
Windows Mobile 5.0 SDK R2 for Smartphone  
Windows Software Development Kit  
Windows Software Development Kit DirectX x64 Remote  
Windows Software Development Kit DirectX x86 Remote  
Windows Software Development Kit for Windows Store Apps  
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote  
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote  
Windows XP Targeting with C++  
WinFi  
WinPcap 4.1.2-Spiceworks  
WinRAR 5.11 (32-bit)  
WinRAR 5.11 (64-bit)  
WinSCP 5.5.6  
Workspace Desktop  
Xara Photo & Graphic Designer 6 SE  
Xara Photo & Graphic Designer 7 SE  

==== Running Processes ======================

C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Users\Julian\AppData\Local\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Julian\Downloads\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [DraftSight API Service] - DraftSight API Service - c:\program files\dassault systemes\draftsight\bin\dshttpapiservice.exe c:\program files\dassault systemes\draftsight\bin\dshttpapiservice.exe [x]
R2 - [Intel® Wireless Bluetooth® 4.0 Radio Management] - Intel® Wireless Bluetooth® 4.0 Radio Management - c:\program files (x86)\intel\bluetooth\ibtrksrv.exe
R2 - [LeapService] - Leap Service - c:\program files (x86)\leap motion\core services\leapsvc64.exe
R2 - [MSSQL$SQLEXPRESS] - SQL Server (SQLEXPRESS) - c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\sqlservr.exe
R2 - [RealNetworks Downloader Resolver Service] - RealNetworks Downloader Resolver Service - c:\program files (x86)\realnetworks\realdownloader\rndlresolversvc.exe
R2 - [RealPlayer Cloud Service] - RealPlayer Cloud Service - c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe
R2 - [RealPlayerUpdateSvc] - RealPlayer Update Service - c:\program files (x86)\real\updateservice\realplayerupdatesvc.exe
R2 - [SDScannerService] - Spybot-S&D 2 Scanner Service - c:\program files (x86)\spybot - search & destroy 2\sdfssvc.exe
R2 - [SDUpdateService] - Spybot-S&D 2 Updating Service - c:\program files (x86)\spybot - search & destroy 2\sdupdsvc.exe
R2 - [SDWSCService] - Spybot-S&D 2 Security Center Service - c:\program files (x86)\spybot - search & destroy 2\sdwscsvc.exe
R2 - [SQLWriter] - SQL Server VSS Writer - c:\program files\microsoft sql server\90\shared\sqlwriter.exe
R2 - [TeamViewer] - TeamViewer 10 - c:\program files (x86)\teamviewer\teamviewer_service.exe
R2 - [VMAuthdService] - VMware Authorization Service - c:\program files (x86)\vmware\vmware player\vmware-authd.exe
R2 - [VMUSBArbService] - VMware USB Arbitration Service - c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator64.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [AvastVBoxSvc] - AvastVBox COM Service - c:\program files\avast software\avast\ng\vbox\avastvboxsvc.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FlexNet Licensing Service 64] - FlexNet Licensing Service 64 - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [VsEtwService120] - Visual Studio ETW Event Collection Service - c:\program files (x86)\microsoft visual studio 12.0\common7\packages\debugger\services\vsetwservice.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [AdobeActiveFileMonitor11.0] - Adobe Active File Monitor V11 - c:\program files (x86)\adobe\elements 11 organizer\photoshopelementsfileagent.exe
S4 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
S4 - [Bluetooth Device Monitor] - Bluetooth Device Monitor - c:\program files (x86)\intel\bluetooth\devmonsrv.exe
S4 - [Bluetooth OBEX Service] - Bluetooth OBEX Service - c:\program files (x86)\intel\bluetooth\obexsrv.exe
S4 - [BTHSSecurityMgr] - Intel® Centrino® Wireless Bluetooth® + High Speed Security Service - c:\program files\intel\bluetoothhs\bthssecuritymgr.exe
S4 - [cphs] - Intel® Content Protection HECI Service - c:\windows\syswow64\intelcphecisvc.exe
S4 - [ETDService] - Elan Service - c:\program files\elantech\etdservice.exe
S4 - [ExpressAccountsService] - Express Accounts - c:\program files (x86)\nch software\expressaccounts\expressaccounts.exe [x]
S4 - [ExpressInvoiceService] - Express Invoice - c:\program files (x86)\nch software\expressinvoice\expressinvoice.exe [x]
S4 - [IAStorDataMgrSvc] - Intel® Rapid Storage Technology - c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe
S4 - [ICCS] - Intel® Integrated Clock Controller Service - Intel® ICCS - c:\program files (x86)\intel\intel® integrated clock controller service\iccproxy.exe
S4 - [Intel® Capability Licensing Service Interface] - Intel® Capability Licensing Service Interface - c:\program files\intel\icls client\heciserver.exe
S4 - [Intel® Capability Licensing Service TCP IP Interface] - Intel® Capability Licensing Service TCP IP Interface - c:\program files\intel\icls client\socketheciserver.exe
S4 - [Intel® ME Service] - Intel® ME Service - c:\program files (x86)\intel\intel® management engine components\fwservice\intelmefwservice.exe
S4 - [IntelliMemory] - IntelliMemory - c:\program files\condusiv technologies\intellimemory\intellimem.exe
S4 - [InventoriaService] - Inventoria Stock Manager - c:\program files (x86)\nch software\inventoria\inventoria.exe [x]
S4 - [jhi_service] - Intel® Dynamic Application Loader Host Interface Service - c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe
S4 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
S4 - [MSCSPTISRV] - MSCSPTISRV - c:\program files (x86)\common files\sony shared\avlib\mscsptisrv.exe
S4 - [MSSQLServerADHelper100] - SQL Active Directory Helper Service - c:\program files\microsoft sql server\100\shared\sqladhlp.exe
S4 - [NOBU] - Norton Online Backup - c:\program files (x86)\symantec\norton online backup\nobuagent.exe
S4 - [PACSPTISVR] - PACSPTISVR - c:\program files (x86)\common files\sony shared\avlib\pacsptisvr.exe
S4 - [PDF Architect Helper Service] - PDF Architect Helper Service - c:\program files (x86)\pdf architect\helperservice.exe
S4 - [PDF Architect Service] - PDF Architect Service - c:\program files (x86)\pdf architect\conversionservice.exe
S4 - [spiceworks] - spiceworks - c:\program files (x86)\spiceworks\bin\spiceworks.exe
S4 - [SPTISRV] - Sony SPTI Service - c:\program files (x86)\common files\sony shared\avlib\sptisrv.exe
S4 - [SQLAgent$SQLEXPRESS] - SQL Server Agent (SQLEXPRESS) - c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\sqlagent.exe
S4 - [SQLBrowser] - SQL Server Browser - c:\program files (x86)\microsoft sql server\90\shared\sqlbrowser.exe

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\Julian\AppData\Local\Temp ====
2015-01-07 04:52:44    C68DAB4E53EC43B2F60FC8BD93DDEC62    6406144    ----a-w-    C:\Users\Julian\AppData\Local\Temp\CitrixUpdates\GoToMeeting\2152\G2MTranscoder.exe
2015-01-07 04:52:01    4DB7319CF67F02BC012309ED84408FA9    8212840    ----a-w-    C:\Users\Julian\AppData\Local\Temp\CitrixUpdates\GoToMeeting\2152\G2MCoreInstExtractor.exe
2015-01-06 10:08:13    10CDD1A02D1164CDF79BFE320A4E8F32    24451072    ----a-w-    C:\Users\Julian\AppData\Local\Temp\SkypeSetup.exe
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2015-01-07 15:38:49    80621A595D8AC5A16BC0E91750301BC1    366592    ----a-w-    C:\WINDOWS\SysWOW64\CNMNPPM.DLL
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-01-07 15:38:49    E7F344507DE8FB326D1089FF6C207C5F    39424    ----a-w-    C:\WINDOWS\Sysnative\CNMN6UI.DLL
2015-01-07 15:38:49    225399AEA05354FFC1AC4B41711ADD13    359936    ----a-w-    C:\WINDOWS\Sysnative\CNMN6PPM.DLL
2015-01-07 13:55:24    82446D358A9FB51CB9DA32A5C901D7A0    21040    ----a-w-    C:\WINDOWS\Sysnative\sdnclean64.exe
====== C:\WINDOWS\Sysnative\drivers =====
2014-12-09 19:46:00    B02118A776C368F7EE1A8CC81378D265    153920    -c--a-w-    C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2014-12-09 19:46:00    A770340FC02B999EF0DE6C2A6BC8437C    39744    -c--a-w-    C:\WINDOWS\Sysnative\drivers\intelpep.sys
2014-12-09 19:46:00    7B7C482CF48E6EE33664340D1A78E6FE    238912    -c--a-w-    C:\WINDOWS\Sysnative\drivers\sdbus.sys
2014-12-09 19:46:00    24A8DFC07E4BAF29AEA26E383D4CC886    86336    ----a-w-    C:\WINDOWS\Sysnative\drivers\pdc.sys
====== C:\WINDOWS\Tasks ======
2015-01-07 13:55:39    --------    d-----w-    C:\WINDOWS\Sysnative\Tasks\Safer-Networking
2014-12-29 10:01:35    B63AD96D5AB77552EFDB7D2277C3B0CB    3886    ----a-w-    C:\WINDOWS\Sysnative\Tasks\Adobe Acrobat Update Task
2014-12-23 13:12:39    F7770B17F7BAB8353893C8862774F45F    3288    ----a-w-    C:\WINDOWS\Sysnative\Tasks\avastBCLRestartS-1-5-21-2027014631-3366834958-3693072843-1001
2014-12-15 08:41:14    292B20333A9FE3146726A09D15B69C6D    3598    ----a-w-    C:\WINDOWS\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2027014631-3366834958-3693072843-1026
2014-12-15 08:40:31    6DEC3A3CC424089523D1A405F5ECE5B0    3942    ----a-w-    C:\WINDOWS\Sysnative\Tasks\User_Feed_Synchronization-{AD95870B-A955-4D57-A0F8-C8A307D8D1B9}
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-01-07 15:38:22    --------    d--h--w-    C:\Program Files\CanonBJ
2014-12-15 08:52:32    --------    d-----w-    C:\Program Files\Google
======= C:\PROGRA~2 =====
2014-12-23 09:50:02    --------    d-sh--w-    C:\PROGRA~2\Xoceancessivellid
======= C: =====
====== C:\Users\Julian\AppData\Roaming ======
2014-12-18 16:52:01    --------    d-----w-    C:\Users\Admin\AppData\Local\TeamViewer
2014-12-16 10:24:31    --------    d-----w-    C:\Users\Julian\AppData\Local\TeamViewer
2014-12-15 08:46:10    --------    d-sh--w-    C:\Users\Admin\AppData\Locallow\EmieUserList
2014-12-15 08:46:10    --------    d-sh--w-    C:\Users\Admin\AppData\Locallow\EmieBrowserModeList
2014-12-15 08:46:10    --------    d-----w-    C:\Users\Admin\AppData\Locallow\Evernote
2014-12-15 08:43:17    --------    d-----w-    C:\Users\Admin\AppData\Local\Samsung
2014-12-15 08:41:31    --------    d-----w-    C:\Users\Admin\AppData\Locallow\LastPass
2014-12-15 08:40:31    --------    d-sh--w-    C:\Users\Admin\AppData\Local\EmieUserList
2014-12-15 08:40:31    --------    d-sh--w-    C:\Users\Admin\AppData\Local\EmieSiteList
2014-12-15 08:40:31    --------    d-sh--w-    C:\Users\Admin\AppData\Local\EmieBrowserModeList
2014-12-15 08:40:10    --------    d-sh--w-    C:\Users\Admin\AppData\Locallow\EmieSiteList
2014-12-15 08:38:13    --------    d-----w-    C:\Users\Admin\AppData\Local\Adobe
2014-12-15 08:36:56    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Apple Computer
2014-12-15 08:35:53    --------    d-----w-    C:\Users\Admin\AppData\Local\Absolute_Software
2014-12-15 08:35:46    846DB31679961726618689F9B718657C    1024    ----a-w-    C:\Users\Admin\AppData\Roaming\AbsoluteReminder.xml
2014-12-15 08:35:22    --------    d-s---w-    C:\Users\Admin\AppData\Locallow\Microsoft
2014-12-15 08:34:39    --------    d-----r-    C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-12-15 08:34:39    --------    d-----r-    C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-12-15 08:34:35    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Adobe
2014-12-15 08:34:25    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Real
2014-12-15 08:34:20    --------    d-----w-    C:\Users\Admin\AppData\Local\VirtualStore
2014-12-15 08:34:20    --------    d-----w-    C:\Users\Admin\AppData\Local\Packages
2014-12-15 08:34:01    --------    d-----w-    C:\Users\Admin\AppData\Local\Google
2014-12-15 08:34:01    --------    d-----w-    C:\Users\Admin\AppData\Local\ATI
2014-12-15 08:34:00    --------    d-s---w-    C:\Users\Admin\AppData\Roaming\Microsoft
2014-12-15 08:34:00    --------    d-----w-    C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-15 08:34:00    --------    d-----w-    C:\Users\Admin\AppData\Roaming\ATI
2014-12-15 08:34:00    --------    d-----w-    C:\Users\Admin\AppData\Local\Temp
2014-12-15 08:34:00    --------    d-----w-    C:\Users\Admin\AppData\Local\Microsoft Help
2014-12-15 08:34:00    --------    d-----w-    C:\Users\Admin\AppData\Local\Microsoft
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-10 22:16:09    --------    d-----w-    C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming\Real
====== C:\Users\Julian ======
2015-01-07 17:46:13    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6200 series
2015-01-07 15:39:42    --------    d-----w-    C:\ProgramData\Canon IJ Network Tool
2015-01-07 15:34:29    C2EF265C3C8EF160995F1EA61E7B23D8    31125064    ----a-w-    C:\Users\Julian\Downloads\mp68-win-mg6200-1_02-ea24.exe
2015-01-06 22:27:39    9208E5A0A844FCCB39B5252C07B4E860    2173952    ----a-w-    C:\Users\Julian\Downloads\adwcleaner_4.106.exe
2014-12-20 10:49:46    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
2014-12-15 09:26:05    --------    d-----r-    C:\Users\Julian\Creative Cloud Files
2014-12-15 08:46:55    --------    d-----r-    C:\Users\Admin\Creative Cloud Files
2014-12-15 08:34:39    --------    d-----r-    C:\Users\Admin\Searches
2014-12-15 08:34:38    --------    d-----r-    C:\Users\Admin\Contacts
2014-12-15 08:34:08    075B0DA82E23780FA2DD7F2EA0464FD4    258    --sha-r-    C:\Users\Admin\ntuser.pol
2014-12-15 08:34:06    6FC234AD3752E1267B34FB12BCD6718B    20    --sha-w-    C:\Users\Admin\ntuser.ini
2014-12-15 08:34:00    --------    d--h--w-    C:\Users\Admin\AppData
2014-12-15 08:34:00    --------    d-----w-    C:\Users\Admin\Roaming
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\Videos
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\Saved Games
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\Pictures
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\Music
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\Links
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\Favorites
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\Downloads
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\Documents
2014-12-15 08:34:00    --------    d-----r-    C:\Users\Admin\Desktop

====== C: exe-files ==
2015-01-07 18:33:56    FFA5DC10B8F2C8538D08ABCA9AA3D90B    749384    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2269.0\delegate_execute.exe
2015-01-07 18:33:56    37805C1197122B0329D596012F6765F8    1277256    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2269.0\Installer\setup.exe
2015-01-07 18:33:32    AE4850EA535CBD0ACD28EABF2C7BAF32    46664272    ----a-w-    C:\Users\Julian\AppData\Local\Google\Update\Download\{4EA16AC7-FD5A-47C3-875B-DBF4A2008C20}\41.0.2269.0\41.0.2269.0_chrome_installer_win64.exe
2015-01-07 15:39:42    C4C213534A383CCFF12DDBC27A9B112C    721552    ----a-w-    C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNPUT.EXE
2015-01-07 15:39:42    652AA7E28743988B65B37B5BC8E3939C    116392    ----a-w-    C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNUU.exe
2015-01-07 15:39:40    5F7EE76129F9A591F22F99F95D97AC95    452016    ----a-w-    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
2015-01-07 15:39:39    F6F85C764E5F93A381EFE06CBBA095BF    408008    ---ha-w-    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSU.exe
2015-01-07 15:38:37    D075D6983A3824F8C72C6BE196C65448    55472    ------w-    C:\Program Files\CanonBJ\IJPrinter\Canon MG6200 series\IJDIA6.exe
2015-01-07 04:52:46    CC397196EDD778832A9F19CB31461794    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mcomm.exe
2015-01-07 04:52:46    CC17AE993DBB156A79B9C33BF39A046E    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\G2MUninstall.exe
2015-01-07 04:52:46    CC17AE993DBB156A79B9C33BF39A046E    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\G2MInstHigh.exe
2015-01-07 04:52:46    C68DAB4E53EC43B2F60FC8BD93DDEC62    6406144    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mtranscoder.exe
2015-01-07 04:52:46    B2C945B4535BAA8186AF09058ACF6D97    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mvideoconference.exe
2015-01-07 04:52:46    B2C945B4535BAA8186AF09058ACF6D97    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe
2015-01-07 04:52:46    B2C945B4535BAA8186AF09058ACF6D97    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mstart.exe
2015-01-07 04:52:46    B2C945B4535BAA8186AF09058ACF6D97    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mlauncher.exe
2015-01-07 04:52:46    B2C945B4535BAA8186AF09058ACF6D97    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\G2MInstaller.exe
2015-01-07 04:52:46    AAFD06F6B9941867CF90E75F0CAD47A0    39792    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mui.exe
2015-01-06 18:49:05    C94A801E9E6E8F2ECA2619AEB000A78A    1276744    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2268.0\Installer\setup.exe
2015-01-06 18:49:00    CD3AC5F8CE8217C6BF92CFD4FF8CAE27    749384    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2268.0\delegate_execute.exe
2015-01-01 13:53:01    C5062D26F69EE09916183B6A333C6C83    6406144    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2130\g2mtranscoder.exe
2015-01-01 13:53:01    B1FE0D8E1F6BFC1CB112AB99735E4EEA    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2130\G2MUninstall.exe
2015-01-01 13:53:01    B1FE0D8E1F6BFC1CB112AB99735E4EEA    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2130\G2MInstHigh.exe
2015-01-01 13:53:01    95DCEA48C825D5C925CA03A1D2B790BA    39792    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2130\g2mui.exe
2015-01-01 13:53:01    83DDD80FD7485FBC8CDA963EAD00EE8A    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2130\g2mcomm.exe
2015-01-01 13:53:01    4115C3E52C63F949B0404AF958C1FA7C    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2130\g2mvideoconference.exe
2015-01-01 13:53:01    4115C3E52C63F949B0404AF958C1FA7C    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe
2015-01-01 13:53:01    4115C3E52C63F949B0404AF958C1FA7C    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2130\g2mstart.exe
2015-01-01 13:53:01    4115C3E52C63F949B0404AF958C1FA7C    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2130\g2mlauncher.exe
2015-01-01 13:53:01    4115C3E52C63F949B0404AF958C1FA7C    40304    ----a-w-    C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2130\G2MInstaller.exe
=== C: other files ==
2015-01-07 18:33:50    D2F6A1B11344D9AC7BCFB75900D4ADE1    23668    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2269.0\default_apps\youtube.crx
2015-01-07 18:33:50    8AD223868AB9974F7746D0227730A0CC    26392    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2269.0\default_apps\search.crx
2015-01-07 18:33:50    71E1283B8440F6264CEC99DF9AD81F5B    25561    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2269.0\default_apps\drive.crx
2015-01-07 18:33:50    2E2E328E5BF6BE61203164B3E9EA8094    24040    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2269.0\default_apps\gmail.crx
2015-01-07 18:33:50    2C71C49F991095A1848624907BACBB08    4578    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2269.0\default_apps\docs.crx
2015-01-07 10:49:18    B3725B7F719957F93D148C15E99AAF12    2086691    ----a-r-    C:\Users\Julian\Documents\Maria\ACS - AVL system.zip
2015-01-07 10:48:39    1503098051C5C4FBA69C4D06C530CC39    526190    ----a-w-    C:\Users\Julian\Documents\Maria\Tor Browser\FirefoxPortable\Data\profile\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
2015-01-07 10:47:56    08C972D9D837C1049DB284EB2A05F0DD    525390    ----a-w-    C:\Users\Julian\Documents\Maria\Tor Browser\FirefoxPortable\Data\profile\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
2015-01-07 10:47:49    ABDE215756328694FD7B238DBBD6BDFB    227290    ----a-w-    C:\Users\Julian\Documents\Maria\Student System\meetingswith157groupandexeteruni.zip
2015-01-07 08:54:16    76CDB2BAD9582D23C1F6F4D868218D6C    22    ----a-w-    C:\Users\Julian\AppData\Local\Temp\avastBCLTMP\firefoxmini@go.im.zip
2015-01-07 08:54:16    76CDB2BAD9582D23C1F6F4D868218D6C    22    ----a-w-    C:\Users\Julian\AppData\Local\Temp\avastBCLTMP\{635abd67-4fe9-1b23-4f01-e679fa7484c1}.zip
2015-01-06 18:48:52    D2F6A1B11344D9AC7BCFB75900D4ADE1    23668    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2268.0\default_apps\youtube.crx
2015-01-06 18:48:52    8AD223868AB9974F7746D0227730A0CC    26392    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2268.0\default_apps\search.crx
2015-01-06 18:48:52    71E1283B8440F6264CEC99DF9AD81F5B    25561    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2268.0\default_apps\drive.crx
2015-01-06 18:48:52    2E2E328E5BF6BE61203164B3E9EA8094    24040    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2268.0\default_apps\gmail.crx
2015-01-06 18:48:52    2C71C49F991095A1848624907BACBB08    4578    ----a-w-    C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2268.0\default_apps\docs.crx
2015-01-06 05:42:14    65AAD915EB50206DE10589E36E89EF4B    1067768    ----a-w-    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\OOLiveUpdateWorker.exeSEKDPW6D.zip
2015-01-05 13:30:12    BF99D84DA78DB8437686329F7B765A69    29204    ----a-w-    C:\Users\Julian\Documents\Vivid\SkyHigh\Olympic Park\Results\results.zip
2015-01-05 13:07:57    76CDB2BAD9582D23C1F6F4D868218D6C    22    ----a-w-    C:\Users\Julian\AppData\Local\Temp\avastBCLTMP\nmmhkkegccagdldgiimedpiccmgmieda.zip
2015-01-05 13:07:40    76CDB2BAD9582D23C1F6F4D868218D6C    22    ----a-w-    C:\Users\Julian\AppData\Local\Temp\avastBCLTMP\aidmijgopnhoenebampepekbbejfboae.zip
2015-01-03 05:54:42    65AAD915EB50206DE10589E36E89EF4B    1067768    ----a-w-    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\OOLiveUpdateWorker.exeUBQAT62J.zip

======== System Restore Points ========

RP101: 24/12/2014 07:57:37 - Windows Update
RP103: 05/01/2015 12:11:10 - Windows Update
RP104: 08/01/2015 10:07:43 - zoek.exe restore point

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2027014631-3366834958-3693072843-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"2BB777B4D97D5CBA4F37597096A565E0D6CA792C._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"MobileAppSync"="C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
"Spotify"="C:\Users\Julian\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Julian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Starfield Updater"="C:\Users\Julian\AppData\Local\Workspace\WorkspaceUpdate.exe"
"wben"="C:\Users\Julian\AppData\Local\Workspace\wben.exe"
"Workspace Status"="C:\Users\Julian\AppData\Local\Workspace\workspacestatus.exe"
"Google Update"="C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"VideoDownloaderUltimate"="C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair"
"Leap Control Panel"="C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe --quietlaunch"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Intel AppUp(SM) center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"FileFort"="C:\Program Files (x86)\NCH Software\FileFort\filefort.exe -logon"
"Intel AppUp® center"="C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"Communicator"="C:\Program Files (x86)\Microsoft Lync\communicator.exe /fromrunkey"
"SystemExplorerAutoStart"="C:\Program Files (x86)\System Explorer\SystemExplorer.exe /TRAY"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot"
"RealDownloader"="C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"2BB777B4D97D5CBA4F37597096A565E0D6CA792C._service_run"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --type=service"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"MobileAppSync"="C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
"Spotify"="C:\Users\Julian\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\Julian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"MyDriveConnect.exe"="C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"Starfield Updater"="C:\Users\Julian\AppData\Local\Workspace\WorkspaceUpdate.exe"
"wben"="C:\Users\Julian\AppData\Local\Workspace\wben.exe"
"Workspace Status"="C:\Users\Julian\AppData\Local\Workspace\workspacestatus.exe"
"Google Update"="C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"VideoDownloaderUltimate"="C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair"
"Leap Control Panel"="C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe --quietlaunch"
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect "
"RtHDVBg_SRSSA"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SRSSA"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Bitcasa"="C:\Program Files\Bitcasa\Bitcasa.exe /startup"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"ETDCtrl"="%ProgramFiles%\Elantech\ETDCtrl.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenuEx]
"command"="C:\\Program Files (x86)\\Canon\\Solution Menu EX\\CNSEMAIN.EXE /logon"
"hkey"="HKLM"
"item"="CanonSolutionMenuEx"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Communicator]
"command"="\"C:\\Program Files (x86)\\Microsoft Lync\\communicator.exe\" /fromrunkey"
"hkey"="HKLM"
"item"="Communicator"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Norton Online Backup]
"command"="C:\\Program Files (x86)\\Symantec\\Norton Online Backup\\NOBuClient.exe"
"hkey"="HKLM"
"item"="Norton Online Backup"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"command"="\"c:\\program files (x86)\\real\\realplayer\\Update\\realsched.exe\" -osboot"
"hkey"="HKLM"
"item"="TkBellExe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk]
"backup"="C:\\WINDOWS\\pss\\RealPlayer Cloud Service UI.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Program Files (x86)\\Real\\RealPlayer\\RPDS\\Bin64\\rpsystray.exe"
"item"="RealPlayer Cloud Service UI"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\RealPlayer Cloud Service UI.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Julian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
"backup"="C:\\WINDOWS\\pss\\OneNote 2010 Screen Clipper and Launcher.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files (x86)\\Microsoft Office\\Office14\\ONENOTEM.EXE /tsr"
"item"="OneNote 2010 Screen Clipper and Launcher"
"path"="C:\\Users\\Julian\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2010 Screen Clipper and Launcher.lnk"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeActiveFileMonitor11.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AMD External Events Utility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bluetooth Device Monitor]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Bluetooth OBEX Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BTHSSecurityMgr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DefaultTabSearch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DisplayLinkService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Easy Launcher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ETDService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ExpressAccountsService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ExpressInvoiceService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\File Backup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IAStorDataMgrSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ICCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® Capability Licensing Service Interface]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® Capability Licensing Service TCP IP Interface]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® ME Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® Wireless Bluetooth® 4.0 Radio Management]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IntelliMemory]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\InventoriaService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jhi_service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LeapService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MSCSPTISRV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NOBU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvUpdatusService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PACSPTISVR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect Helper Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RealNetworks Downloader Resolver Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RealPlayer Cloud Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RealPlayerUpdateSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\spiceworks]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SPTISRV]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SWUpdateService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Updater Service for AMZN]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VMAuthdService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VMUSBArbService]


==== Startup Folders ======================

2013-07-29 09:49:22    1104    ----a-w-    C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-08-29 08:29:30    1147    ----a-w-    C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
2014-04-20 13:02:08    2126    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
2014-07-21 20:26:21    1276    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/12/2014 08:52]
C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-2027014631-3366834958-3693072843-1001.job --a-------- C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe [07/01/2015 04:52]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27/07/2013 15:38]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2027014631-3366834958-3693072843-1001Core.job --a-------- C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [24/06/2014 02:08]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2027014631-3366834958-3693072843-1001UA.job --a-------- C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [24/06/2014 02:08]
C:\WINDOWS\tasks\SDMsgUpdate (Local).job --a-------- C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe [13/08/2012 15:18]
C:\WINDOWS\tasks\SDMsgUpdate (TE).job --a-------- C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe [13/08/2012 15:18]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Absolute Reminder" ["%PROGRAMFILES(x86)%\Absolute Software\Absolute Reminder\AbsoluteReminder.exe"]
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\Adobe Flash Player Updater" [C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\WINDOWS\SysNative\tasks\Adobe online update program" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\advRecovery" ["C:\Program Files\Samsung\Recovery\WCScheduler.exe"]
"C:\WINDOWS\SysNative\tasks\avastBCLRestartS-1-5-21-2027014631-3366834958-3693072843-1001" [C:\Program Files (x86)\Google\Chrome\Application\chrome.exe]
"C:\WINDOWS\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\WINDOWS\SysNative\tasks\G2MUpdateTask-S-1-5-21-2027014631-3366834958-3693072843-1001" [C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2027014631-3366834958-3693072843-1001Core" [C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2027014631-3366834958-3693072843-1001UA" [C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" ["C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\WINDOWS\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" ["C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\WINDOWS\SysNative\tasks\Java Update Scheduler" [C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe]
"C:\WINDOWS\SysNative\tasks\Real Player online update program" [C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloader Update Check" [C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2027014631-3366834958-3693072843-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2027014631-3366834958-3693072843-1001" [C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2027014631-3366834958-3693072843-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2027014631-3366834958-3693072843-1001" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\WINDOWS\SysNative\tasks\RtHDVBg_SRSSA" ["C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe"]
"C:\WINDOWS\SysNative\tasks\RTKCPL" ["C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"]
"C:\WINDOWS\SysNative\tasks\SAgent" ["%ProgramFiles%\Samsung\S Agent\CommonAgent.exe"]
"C:\WINDOWS\SysNative\tasks\SamsungLinkPC" ["%ProgramFiles(X86)%\Samsung\HomeSync Lite\RefreshToken.exe"]
"C:\WINDOWS\SysNative\tasks\SDMsgUpdate (Local)" [C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe]
"C:\WINDOWS\SysNative\tasks\SDMsgUpdate (TE)" [C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe]
"C:\WINDOWS\SysNative\tasks\Settings" ["C:\Program Files (x86)\Samsung\Settings\sSettings.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{AD95870B-A955-4D57-A0F8-C8A307D8D1B9}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{C3C7C508-BC53-4185-9B10-E76BE91C1C5A}" [C:\WINDOWS\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\NCH Software\InventoriaSchedBackup" [C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\WINDOWS\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default
user_pref("browser.startup.homepage", "https://www.google.com/?trackid=sp-006");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");
user_pref("browser.search.selectedEngine", "Google (avast)");
user_pref("keyword.URL", "https://www.google.com/search/?trackid=sp-006");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{338950EA-82DB-44C1-930D-0C28E023C9F0}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [28/11/2014 11:13]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Undetermined - support@lastpass.com
- Undetermined - wrc@avast.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default
9860727E477F17B88E39AF8B69B0407A    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll -    Shockwave Flash
D2377C9458EFEB094E38B8C874AA214C    - C:\Users\Julian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll -    Google Update
252949179FE1C491B7D16A9AA376B29B    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealPlayer Video Downloader for HTML5  (32-bit)
9C5BB5C14408A2C735A18164EEC2F2DA    - C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npoff.dll -    Online Storage plug-in
9C5BB5C14408A2C735A18164EEC2F2DA    - C:\Users\Julian\AppData\Roaming\Mozilla\plugins\npoff.dll -    Online Storage plug-in
E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\Julian\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104
7F6C921CBDBFB31630AEE48FA463A228    - C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npatgpc.dll -    ActiveTouch General Plugin Container
7F6C921CBDBFB31630AEE48FA463A228    - C:\Users\Julian\AppData\Roaming\Mozilla\plugins\npatgpc.dll -    ActiveTouch General Plugin Container
9F47DB26ED35DB2D99EAE88453F7510F    - C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npwbe.dll -    Workspace Webmail plug-in 1.0.21.46
9F47DB26ED35DB2D99EAE88453F7510F    - C:\Users\Julian\AppData\Roaming\Mozilla\plugins\npwbe.dll -    Workspace Webmail plug-in 1.0.21.46
F00CEF0100E086D1CE1AAF10ECAFE785    - C:\Users\Julian\AppData\Roaming\Mozilla\plugins\npwbe64.dll -    Workspace Webmail plug-in 1.0.21.46
F00CEF0100E086D1CE1AAF10ECAFE785    - C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npwbe64.dll -    Workspace Webmail plug-in 1.0.21.46
D98D6D9726A18E31385DAE3DDAE35953    - C:\Users\Julian\AppData\Roaming\Mozilla\plugins\npoff64.dll -    Online Storage plug-in
D98D6D9726A18E31385DAE3DDAE35953    - C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npoff64.dll -    Online Storage plug-in


==== Chromium Look ======================

Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[23/11/2014 17:27]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Julian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[19/08/2014 08:44]

Google Drive - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Show the YouTube Channel bar or the name. - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn
WOT - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
Quicktime for Chrome - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cejkmonkejkfelfmmefomcgficedapag
Video Downloader professional - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
Sea Quail Database Diagram Tool - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elkpialiknkiaebieojbgnhindepnlkg
Avast Online Security - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
LastPass - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Google Wallet - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Evernote Web Clipper - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc
Google Docs - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
WOT - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Calendar - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn
avast Online Security - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki
RealPlayer Downloader - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
DefaultTab - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Google Wallet - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Amazon 1Button App for Chrome - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Send from Gmail (by Google) - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc
Evernote Web Clipper - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc
Gmail - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Identity Protection - Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Gmail - Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Show the YouTube Channel bar or the name. - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn
WOT - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
20-20 3D Viewer for Virtual Studio - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc
Video Downloader professional - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
Sea Quail Database Diagram Tool - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\elkpialiknkiaebieojbgnhindepnlkg
Google Sheets - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Avast Online Security - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
LastPass - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Bitcasa Everywhere - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jbebdjcjllheeclffnofhgcimmlkkbon
Chrome Hotword Shared Module - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Google Wallet - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Evernote Web Clipper - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc
Gmail - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
DefaultTab - C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

==== Chromium Startpages ======================

C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://samsung13.msn.com/",


==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.mysearchresults.com/?c=9001&t=11"
"Search Page"="http://www.google.com"
"Search Bar"="https://uk.yahoo.com?fr=hp-avast&type=avastbcl"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://uk.yahoo.com?fr=hp-avast&type=avastbcl"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="https://uk.yahoo.com?fr=hp-avast&type=avastbcl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{528C19F4-1DF6-47BC-8A81-BA9640BBCF72}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{528C19F4-1DF6-47BC-8A81-BA9640BBCF72} Google  Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7PLXA_en-GBGB619"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo  Url="http://www.google.com/search?q={sear"
{8ED0DBFC-D795-412D-8AD0-7A2B30B7B09B} Unknown  Url="Not_Found"
{F155A67E-C153-42ED-ABAF-A4D7A8147C56} Search Here Url="http://www.mysearchresults.com/search?c=8005&t=11&q={searchTerms}"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 08/01/2015 at 10:17:22.04 ======================


Edited by seedy21, 08 January 2015 - 11:32 AM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#6 seedy21


Posted 08 January 2015 - 12:14 PM

Hi grumpyhumpy

Before we continue I can see some specialised software on your machine. Can you confirm if this machine is a Work or a Personal machine? If it's a work machine do you have permission to fix it?

Thank you




#7 seedy21


Posted 10 January 2015 - 11:47 AM

This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.



#8 grumpyhumpy


Posted 10 January 2015 - 02:06 PM

Apologies, I've been away from home. This is my own machine, which I use for work (my own company).



#9 seedy21


Posted 10 January 2015 - 03:03 PM

Hello grumpyhumpy

 

Thank you for getting back to me. If you are going to be away from the machine for more than 48 hours let me know.

 

Step 1

We need to disable DAEMON Tools Lite as it has been known to interfere with our fixes.

Please download Defogger and save it to your Desktop.

  • Double click Defogger.exe to run the program.
    Note: Windows Vista/7 users should right click and Run As Administrator
  • Click on Disable and then Yes. The Scan may take a while to complete
  • When this has completed you will get a new window open with the Finished box, click Continue and Close Defogger Down

Step 2

  • Click on Start -> Control Panel -> Add/Remove Programs
  • Uninstall the following Programs:-
    Java 7 Update 67
    Spybot - Search & Destroy
  • Close the Add/Remove Programs and Control Panel
  • Restart your computer

Step 3

We need to re-run Zoek

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar!
    autoclean;
    C:\PROGRA~2\Xoceancessivellid;f
    C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C};f
    {F155A67E-C153-42ED-ABAF-A4D7A8147C56};c
    emptyalltemp;

  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply

Step 4

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update
  • Once it has updated select Settings > Detection and Protection > Tick Scan for rootkits
  • Go back to the Dashboard and select Scan Now
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot
  • On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop.

  • Please post that log for my review.



#10 grumpyhumpy


Posted 12 January 2015 - 09:45 AM

zoek log

Zoek.exe v5.0.0.0 Updated 09-January-2015
Tool run by Julian on 12/01/2015 at 10:02:53.55.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Julian\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2015-01-08-101722.log 75052 bytes
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\Amazon deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\AltiumDesignerSummer09_ViewerSecurity deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\NVIDIA deleted successfully
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\Julian\AppData\Roaming\webex deleted successfully
C:\Users\Admin\AppData\Local\VirtualStore deleted successfully
C:\Users\Julian\AppData\Local\cache deleted successfully
C:\Users\Julian\AppData\Local\offsync deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2027014631-3366834958-3693072843-1001\Software\Microsoft\Internet Explorer\SearchScopes\{F155A67E-C153-42ED-ABAF-A4D7A8147C56} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default
 
user.js not found
---- Lines isearch removed from prefs.js ----
user_pref("weboftrust.search.avg.url", "^http(s)?\\:\\/\\/isearch\\.avg\\.com\\/search\\?");
---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
---- Lines offers removed from prefs.js ----
user_pref("weboftrust.category.301", "{\"name\":\"301\",\"group\":\"4\",\"text\":\"Online tracking\",\"description\":\"Based on your experience the si
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ---- 
 
prefs_012015_1027_.backup
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\AltiumDesignerSummer09_ViewerSecurity not found
C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
"C:\PROGRA~3\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}" not found
C:\PROGRA~2\Participatory Culture Foundation deleted
C:\Users\Julian\AppData\Roaming\MAGIX deleted
C:\Users\Julian\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\VideoDownloaderUltimateWinApp deleted
C:\PROGRA~3\MAGIX deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Julian\Downloads\SoftonicDownloader_for_free-flash-flv-video-converter.exe deleted
C:\Users\Julian\Downloads\SoftonicDownloader_for_google-sketchup.exe deleted
C:\WINDOWS\wininit.ini deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted
C:\WINDOWS\SysWow64\AI_RecycleBin deleted
C:\Users\Julian\Desktop\Video Downloader Ultimate.lnk deleted
C:\Users\Julian\Desktop\Softonic.lnk deleted
C:\PROGRA~3\MakeMarkerFile.exe deleted
"C:\PROGRA~2\Xoceancessivellid\cacert.crt" deleted
"C:\PROGRA~2\Xoceancessivellid\CertMgr.Exe" deleted
"C:\PROGRA~2\Xoceancessivellid\libeay32.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\msvcp120.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\msvcr120.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\Qt5Core.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\Qt5Network.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\ssleay32.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\WinDivert.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\windivert.inf" deleted
"C:\PROGRA~2\Xoceancessivellid\WinDivert32.sys" deleted
"C:\PROGRA~2\Xoceancessivellid\WinDivert64.sys" deleted
"C:\PROGRA~2\Xoceancessivellid\Xoceancessivellid.exe" deleted
"C:\PROGRA~2\Xoceancessivellid\XoceancessivellidHelper.exe" deleted
"C:\PROGRA~2\Xoceancessivellid\platforms\qwindows.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\cacert.crt" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\certutil.exe" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\freebl3.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\libnspr4.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\libplc4.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\libplds4.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\msvcp100.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\msvcr100.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\nss3.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\nssdbm3.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\nssutil3.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\smime3.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\softokn3.dll" deleted
"C:\PROGRA~2\Xoceancessivellid\temp\sqlite3.dll" deleted
"C:\PROGRA~2\Xoceancessivellid" deleted
"C:\PROGRA~2\Xoceancessivellid\platforms" deleted
"C:\PROGRA~2\Xoceancessivellid\temp" deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default
user_pref("browser.startup.homepage", "https://www.google.com/?trackid=sp-006");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");
user_pref("browser.search.selectedEngine", "Google (avast)");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{338950EA-82DB-44C1-930D-0C28E023C9F0}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [28/11/2014 11:13]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default
- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
- Undetermined - {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Undetermined - support@lastpass.com
- Undetermined - wrc@avast.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default
9860727E477F17B88E39AF8B69B0407A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll - Shockwave Flash
D2377C9458EFEB094E38B8C874AA214C - C:\Users\Julian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
252949179FE1C491B7D16A9AA376B29B - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealPlayer Video Downloader for HTML5  (32-bit)
9C5BB5C14408A2C735A18164EEC2F2DA - C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npoff.dll - Online Storage plug-in
9C5BB5C14408A2C735A18164EEC2F2DA - C:\Users\Julian\AppData\Roaming\Mozilla\plugins\npoff.dll - Online Storage plug-in
E3B4EA121F7BDEB0F6366E2BA9608CB5 - C:\Users\Julian\AppData\Local\Citrix\Plugins\104\npappdetector.dll - Citrix Online Web Deployment Plugin 1.0.0.104
7F6C921CBDBFB31630AEE48FA463A228 - C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npatgpc.dll - ActiveTouch General Plugin Container
7F6C921CBDBFB31630AEE48FA463A228 - C:\Users\Julian\AppData\Roaming\Mozilla\plugins\npatgpc.dll - ActiveTouch General Plugin Container
9F47DB26ED35DB2D99EAE88453F7510F - C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npwbe.dll - Workspace Webmail plug-in 1.0.21.46
9F47DB26ED35DB2D99EAE88453F7510F - C:\Users\Julian\AppData\Roaming\Mozilla\plugins\npwbe.dll - Workspace Webmail plug-in 1.0.21.46
F00CEF0100E086D1CE1AAF10ECAFE785 - C:\Users\Julian\AppData\Roaming\Mozilla\plugins\npwbe64.dll - Workspace Webmail plug-in 1.0.21.46
F00CEF0100E086D1CE1AAF10ECAFE785 - C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npwbe64.dll - Workspace Webmail plug-in 1.0.21.46
D98D6D9726A18E31385DAE3DDAE35953 - C:\Users\Julian\AppData\Roaming\Mozilla\plugins\npoff64.dll - Online Storage plug-in
D98D6D9726A18E31385DAE3DDAE35953 - C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npoff64.dll - Online Storage plug-in
 
 
==== Fake Chromium Profiles Check ======================
 
Fake profile C:\Users\Admin\AppData\Local\Google\Chrome deleted
Fake profile C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome deleted
 
==== Chromium Look ======================
 
Google Chrome Version: 39.0.2171.95 (Up to date, latest Stable version: 39.0.2171.95)
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[23/11/2014 17:27]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Julian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[19/08/2014 08:44]
 
Google Voice Search Hotword (Beta) - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
WOT - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
Quicktime for Chrome - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cejkmonkejkfelfmmefomcgficedapag
Sea Quail Database Diagram Tool - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elkpialiknkiaebieojbgnhindepnlkg
Avast Online Security - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
LastPass - Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
WOT - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
avast Online Security - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki
RealPlayer Downloader - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
DefaultTab - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Amazon 1Button App for Chrome - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Send from Gmail (by Google) - Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc
Norton Identity Protection - Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
WOT - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
20-20 3D Viewer for Virtual Studio - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc
Sea Quail Database Diagram Tool - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\elkpialiknkiaebieojbgnhindepnlkg
Avast Online Security - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
LastPass - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Bitcasa Everywhere - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jbebdjcjllheeclffnofhgcimmlkkbon
Chrome Hotword Shared Module - Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Startpages ======================
 
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Chromium Fix ======================
 
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_result.smartwebsearch.info_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_result.smartwebsearch.info_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.specsavers.co.uk_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.specsavers.co.uk_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.subscriptionsave.co.uk_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.subscriptionsave.co.uk_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uk.ask.com_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_uk.ask.com_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_customerservices.npower.com_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_customerservices.npower.com_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.productsandservices.bt.com_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Local Storage\http_www.productsandservices.bt.com_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_en.softonic.com_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_google-sketchup.en.softonic.com_0.localstorage deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_google-sketchup.en.softonic.com_0.localstorage-journal deleted successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{528C19F4-1DF6-47BC-8A81-BA9640BBCF72}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo  Url="http://www.google.com/search?q={sear"
{8ED0DBFC-D795-412D-8AD0-7A2B30B7B09B} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2027014631-3366834958-3693072843-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8ED0DBFC-D795-412D-8AD0-7A2B30B7B09B} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\FFPDFArchitectConverter@pdfarchitect.com deleted successfully
 
==== Reset IE Proxy ======================
 
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:9881;https=127.0.0.1:9881"
"ProxyOverride"="<local>"
"ProxyEnable"=dword:00000000
 
Value(s) after fix:
"ProxyEnable"=dword:00000000
 
==== Deleting Registry Keys ======================
 
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Julian\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Julian\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Julian\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Julian\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Julian\AppData\Local\Mozilla\Firefox\Profiles\6wexan5m.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Cache emptied successfully
C:\Users\Julian\AppData\Local\Google\Chrome SxS\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=488 folders=289 900095667 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Admin\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Julian\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Julian\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 12/01/2015 at 10:54:30.62 ======================


#11 grumpyhumpy


Posted 12 January 2015 - 09:46 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/01/2015
Scan Time: 13:46:44
Logfile: MWBAM log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.12.04
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Julian
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 445051
Time Elapsed: 34 min, 9 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-2027014631-3366834958-3693072843-1026-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [6137fdf7acdd49ed429796569d65fa06], 
PUP.Optional.DefaultTab.A, HKU\S-1-5-21-2027014631-3366834958-3693072843-1026-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7F6AFBF1-E065-4627-A2FD-810366367D01}, Quarantined, [6137fdf7acdd49ed429796569d65fa06], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-2027014631-3366834958-3693072843-1026-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [ccccfcf8b9d00f27f2eecd5182810ef2], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-2027014631-3366834958-3693072843-1026-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, Quarantined, [ccccfcf8b9d00f27f2eecd5182810ef2], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363}, Quarantined, [395fe014dfaaee48dad27c70a75bcd33], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77}, Quarantined, [2b6d47aded9cfc3a9f0ee10b6e9447b9], 
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DefaultTab, Quarantined, [8c0c3db73a4f989ebd9bdb95c73c33cd], 
PUP.Optional.DefaultTab.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DefaultTab, Quarantined, [d3c59c58f891f145cbf41e937c87cf31], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 6
PUP.Optional.IBryte.A, C:\Users\Julian\Downloads\Setup.exe, Quarantined, [b6e242b2dfaa87af9956fb2de120dd23], 
PUP.Optional.OpenCandy, C:\Users\Julian\Downloads\DTLite4481-0347.exe, Quarantined, [2d6b6c888801c86e992703b3ef1650b0], 
PUP.Optional.SoftPulse, C:\Users\Julian\Downloads\Unconfirmed 740367.crdownload, Quarantined, [3d5b34c0d0b95ed83b5ed92ba35f2bd5], 
PUP.Optional.IBryte.A, C:\Users\Julian\Downloads\Setup (1).exe, Quarantined, [acec4da7f5941125ec038d9be0216f91], 
PUP.Optional.Soft32.A, C:\Users\Julian\Downloads\microsoft visual c 2010 express setup.exe, Quarantined, [a8f01dd739505adc1d46f564b051cf31], 
PUP.Optional.Iminent.A, C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage, Quarantined, [f7a1fafa5732a78ffb676e1145be3cc4], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#12 seedy21


Posted 12 January 2015 - 01:59 PM

Hello grumpyhumpy
 
Step 1
 
Please Download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.



#13 grumpyhumpy


Posted 13 January 2015 - 03:19 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by Julian (administrator) on JULES-LAPTOP on 13-01-2015 08:13:37
Running from C:\Users\Julian\Downloads
Loaded Profile: Julian (Available profiles: Julian & Admin)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dassault Systèmes) C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(O&O Software GmbH) C:\Program Files (x86)\OO Software\Syspectr\OOSysAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(Google Inc.) C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\chrome.exe
(SEC) C:\Program Files\Samsung\Recovery\WCScheduler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Mister Group) C:\Program Files (x86)\System Explorer\SystemExplorer.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Mister Group) C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1389936 2014-07-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1389936 2014-07-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4357632 2014-02-21] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13674712 2014-07-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-22] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [FileFort] => "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-07-22] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-11-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312 2014-05-01] (Microsoft Corporation)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => C:\Program Files (x86)\System Explorer\SystemExplorer.exe [3385192 2014-08-21] (Mister Group)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-11-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [2BB777B4D97D5CBA4F37597096A565E0D6CA792C._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [MobileAppSync] => C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [332288 2013-08-07] (Adknowledge)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [Spotify] => C:\Users\Julian\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-30] (Spotify Ltd)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [Spotify Web Helper] => C:\Users\Julian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-30] (Spotify Ltd)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-11-29] (TomTom)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [Starfield Updater] => C:\Users\Julian\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2014-05-10] (Starfield Technologies)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [wben] => C:\Users\Julian\AppData\Local\Workspace\wben.exe [1078896 2014-10-20] (Starfield Technologies, LLC)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [Workspace Status] => C:\Users\Julian\AppData\Local\Workspace\workspacestatus.exe [694760 2014-05-10] (Starfield Technologies)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [Google Update] => C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-24] (Google Inc.)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [VideoDownloaderUltimate] => C:\ProgramData\VideoDownloaderUltimateWinApp\VideoDownloaderUltimate.exe /repair
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [Leap Control Panel] => C:\Program Files (x86)\Leap Motion\Core Services\LeapControlPanel.exe [3583824 2014-12-18] (Leap Motion, Inc.)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-15] (Google Inc.)
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\MountPoints2: {e6a9bff8-f8f9-11e2-be7d-c8f733e7b674} - "F:\autorun.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs5 - {82ED201E-E968-44C1-9FEF-BF990F041546} - C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {82ED201E-E968-44C1-9FEF-BF990F041546} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {D39BA2C2-07C4-444C-8FD1-8E1ECAC9E554} => C:\WINDOWS\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [1EldosIconOverlay-cbfs5] -> {DFA3BEEA-550C-45D9-A344-563849E2BECB} => C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [2EldosIconOverlay-cbfs5] -> {0AB20B67-F082-4873-977F-E2450F7C1F05} => C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaBadFileOverlay] -> {EC168C82-5053-422A-BB08-3CD9ACA22E85} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaMirrorOverlay] -> {8C403C00-4544-4A53-879B-1949390CDE13} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaNotMirrored] -> {775CDDED-E6D2-4DD8-8C1F-158BEF44B62A} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll ()
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {B387B651-B557-4777-9ABD-4D89207FC504} => C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {D39BA2C2-07C4-444C-8FD1-8E1ECAC9E554} => C:\WINDOWS\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay-cbfs5] -> {DFA3BEEA-550C-45D9-A344-563849E2BECB} => C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [2EldosIconOverlay-cbfs5] -> {0AB20B67-F082-4873-977F-E2450F7C1F05} => C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {B387B651-B557-4777-9ABD-4D89207FC504} => C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default
FF DefaultSearchEngine: Google (avast)
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @cuminas.jp/DjVuPlugin -> C:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\npdjvu.dll (Cuminas Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll ()
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Julian\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1001: @starfield.com/off -> C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1001: @starfield.com/off64 -> C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1001: @starfield.com/wbe -> C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1001: @starfield.com/wbe64 -> C:\Users\Julian\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Julian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Julian\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-2027014631-3366834958-3693072843-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\Julian\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Julian\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Julian\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Julian\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Julian\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF SearchPlugin: C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default\searchplugins\google-avast.xml
FF Extension: WBE Paste - C:\Users\Julian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2014-05-10]
FF Extension: LastPass - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default\Extensions\support@lastpass.com [2014-11-20]
FF Extension: WOT - C:\Users\Julian\AppData\Roaming\Mozilla\Firefox\Profiles\6wexan5m.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-28]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-28]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://samsung13.msn.com/
CHR Profile: C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (Turn Off the Lights) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2013-07-30]
CHR Extension: (WOT) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-07-27]
CHR Extension: (Quicktime for Chrome) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cejkmonkejkfelfmmefomcgficedapag [2014-11-22]
CHR Extension: (Video Downloader professional) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-07-16]
CHR Extension: (Sea Quail Database Diagram Tool) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elkpialiknkiaebieojbgnhindepnlkg [2014-11-22]
CHR Extension: (avast! Online Security) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-07-27]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Evernote Web Clipper) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-08-06]
CHR Profile: C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-29]
CHR Extension: (Google Drive) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-29]
CHR Extension: (WOT) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-07-29]
CHR Extension: (YouTube) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-29]
CHR Extension: (Google Search) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-29]
CHR Extension: (Google Calendar) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-07-29]
CHR Extension: (avast! Online Security) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-08-16]
CHR Extension: (RealPlayer Downloader) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-05-09]
CHR Extension: (Google Wallet) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2013-08-07]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-07-29]
CHR Extension: (Evernote Web Clipper) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-07-29]
CHR Extension: (Gmail) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-29]
CHR Profile: C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Docs) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-29]
CHR Extension: (Google Drive) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-29]
CHR Extension: (YouTube) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-29]
CHR Extension: (Google Search) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-29]
CHR Extension: (Norton Identity Protection) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-29]
CHR Extension: (Gmail) - C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-29]
CHR HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Julian\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-05] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-23] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-23] (Avast Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S4 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
R2 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123904 2014-09-25] (Dassault Systèmes) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)
S4 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S4 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55720 2012-12-21] (Condusiv Technologies)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe [8778752 2014-12-18] (Leap Motion, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S4 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2007-11-28] (Sony Corporation) [File not signed]
S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-28] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S4 spiceworks; C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe [47424 2014-03-17] (Spiceworks, Inc.)
S4 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2007-11-28] (Sony Corporation) [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2014-08-28] (Samsung Electronics CO., LTD.)
R2 SyspectrAgent; C:\Program Files (x86)\OO Software\Syspectr\OOSysAgent.exe [306936 2014-11-27] (O&O Software GmbH)
R3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821096 2014-08-13] (Mister Group)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S4 ExpressAccountsService; "C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe" -service [X]
S4 ExpressInvoiceService; "C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe" -service [X]
S4 InventoriaService; "C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe" -service [X]
S4 Xoceancessivellid; C:\Program Files (x86)\Xoceancessivellid\Xoceancessivellid.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-23] ()
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352448 2013-02-11] (EldoS Corporation)
R1 cbfs5; C:\WINDOWS\system32\drivers\cbfs5.sys [413888 2013-11-25] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 dfmirage; C:\Windows\system32\DRIVERS\dfmirage.sys [36432 2008-03-04] (DemoForge, LLC)
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [46384 2013-10-08] ()
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-11-26] (Disc Soft Ltd)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [29096 2012-12-21] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104872 2012-12-21] (Condusiv Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 MOSUMAC; C:\Windows\system32\DRIVERS\USBMAC64.SYS [55296 2009-12-07] (--)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-05-03] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-08-01] (NVIDIA Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-23] (Avast Software)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)
S3 SBIOSIO; \??\C:\Users\Julian\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 08:13 - 2015-01-13 08:14 - 00000000 ____D () C:\FRST
2015-01-13 08:13 - 2015-01-13 08:13 - 00045695 _____ () C:\Users\Julian\Downloads\FRST.txt
2015-01-13 08:12 - 2015-01-13 08:12 - 02124288 _____ (Farbar) C:\Users\Julian\Downloads\FRST64.exe
2015-01-13 08:06 - 2015-01-13 08:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Julian\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-01-13 08:06 - 2015-01-13 08:06 - 00050477 _____ () C:\Users\Julian\Downloads\Defogger (2).exe
2015-01-13 07:57 - 2015-01-13 08:01 - 00000197 _____ () C:\WINDOWS\system32\2015-01-13-07-57-03.045-AvastVBoxSVC.exe-1728.log
2015-01-12 14:41 - 2015-01-12 14:42 - 00050477 _____ () C:\Users\Julian\Downloads\Defogger (1).exe
2015-01-12 14:28 - 2015-01-12 14:35 - 00000197 _____ () C:\WINDOWS\system32\2015-01-12-14-28-54.052-AvastVBoxSVC.exe-3108.log
2015-01-12 13:44 - 2015-01-13 08:03 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 13:44 - 2015-01-12 13:44 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-12 13:44 - 2015-01-12 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-12 13:44 - 2015-01-12 13:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-12 13:44 - 2015-01-12 13:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-12 13:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-12 13:44 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-12 13:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-12 13:23 - 2015-01-12 13:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Julian\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-12 10:45 - 2015-01-12 10:45 - 00000197 _____ () C:\WINDOWS\system32\2015-01-12-10-45-09.036-AvastVBoxSVC.exe-3248.log
2015-01-12 10:38 - 2015-01-12 10:02 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-01-12 10:04 - 2015-01-08 10:17 - 00075052 _____ () C:\zoek-results2015-01-08-101722.log
2015-01-12 09:33 - 2015-01-12 09:45 - 00000197 _____ () C:\WINDOWS\system32\2015-01-12-09-33-50.022-AvastVBoxSVC.exe-3336.log
2015-01-12 09:24 - 2015-01-12 13:46 - 00000474 _____ () C:\Users\Julian\Downloads\defogger_disable.log
2015-01-12 09:24 - 2015-01-12 09:24 - 00000168 _____ () C:\Users\Julian\defogger_reenable
2015-01-12 09:23 - 2015-01-12 09:23 - 00050477 _____ () C:\Users\Julian\Downloads\Defogger.exe
2015-01-12 09:16 - 2015-01-12 09:16 - 00095232 _____ () C:\Users\Julian\Downloads\Jules Humpheson PI.xls
2015-01-10 18:40 - 2015-01-10 18:44 - 00000197 _____ () C:\WINDOWS\system32\2015-01-10-18-40-41.051-AvastVBoxSVC.exe-4912.log
2015-01-10 11:44 - 2015-01-10 11:53 - 00000197 _____ () C:\WINDOWS\system32\2015-01-10-11-44-50.092-AvastVBoxSVC.exe-3916.log
2015-01-08 19:31 - 2015-01-08 19:32 - 01001953 _____ () C:\Users\Julian\Downloads\QEOP Calibrated Count 08-01-15.xlsx
2015-01-08 10:18 - 2015-01-08 10:18 - 00075052 _____ () C:\Users\Julian\Documents\zoek-results.txt
2015-01-08 10:07 - 2015-01-12 10:54 - 00022656 _____ () C:\zoek-results.log
2015-01-08 10:05 - 2015-01-12 10:32 - 00000000 ____D () C:\zoek_backup
2015-01-08 10:05 - 2015-01-08 10:05 - 01295360 _____ () C:\Users\Julian\Downloads\zoek.exe
2015-01-07 17:55 - 2015-01-07 17:55 - 00000197 _____ () C:\WINDOWS\system32\2015-01-07-17-55-11.002-AvastVBoxSVC.exe-3532.log
2015-01-07 17:46 - 2015-01-07 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6200 series
2015-01-07 15:39 - 2015-01-07 15:39 - 00002029 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2015-01-07 15:38 - 2015-01-07 15:38 - 00000000 ___HD () C:\WINDOWS\system32\CanonIJ Uninstaller Information
2015-01-07 15:38 - 2015-01-07 15:38 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-01-07 15:38 - 2015-01-07 15:38 - 00000000 ____D () C:\WINDOWS\system32\STRING
2015-01-07 15:38 - 2012-06-14 17:18 - 00366592 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2015-01-07 15:38 - 2012-06-14 17:18 - 00359936 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2015-01-07 15:38 - 2012-06-14 17:18 - 00039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2015-01-07 15:34 - 2015-01-07 15:37 - 31125064 _____ () C:\Users\Julian\Downloads\mp68-win-mg6200-1_02-ea24.exe
2015-01-07 14:58 - 2015-01-07 14:58 - 00074864 _____ () C:\Users\Julian\Downloads\UR5i-v2L.log
2015-01-07 14:35 - 2013-08-22 13:25 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150107-143513.backup
2015-01-07 13:55 - 2015-01-12 09:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-07 13:55 - 2015-01-12 09:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-07 13:55 - 2015-01-07 13:55 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2015-01-07 13:50 - 2015-01-07 13:53 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Julian\Downloads\spybot-2.4.exe
2015-01-07 13:47 - 2015-01-07 13:48 - 00000000 ____D () C:\Users\Julian\Documents\Village Hall
2015-01-07 10:22 - 2015-01-07 10:22 - 00001828 _____ () C:\Users\Julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2015-01-07 08:25 - 2015-01-07 08:25 - 00000197 _____ () C:\WINDOWS\system32\2015-01-07-08-25-58.087-AvastVBoxSVC.exe-3644.log
2015-01-06 22:28 - 2015-01-07 08:18 - 00000000 ____D () C:\AdwCleaner
2015-01-06 22:27 - 2015-01-06 22:27 - 02173952 _____ () C:\Users\Julian\Downloads\adwcleaner_4.106.exe
2015-01-05 12:45 - 2015-01-05 12:45 - 00000247 _____ () C:\WINDOWS\system32\2015-01-05-12-45-23.087-aswFe.exe-8020.log
2015-01-05 12:39 - 2015-01-05 12:45 - 00000247 _____ () C:\WINDOWS\system32\2015-01-05-12-39-34.089-aswFe.exe-6628.log
2015-01-05 12:39 - 2015-01-05 12:39 - 00000197 _____ () C:\WINDOWS\system32\2015-01-05-12-39-31.039-AvastVBoxSVC.exe-4060.log
2014-12-30 22:22 - 2014-12-30 22:30 - 00000197 _____ () C:\WINDOWS\system32\2014-12-30-22-22-40.051-AvastVBoxSVC.exe-4080.log
2014-12-30 15:07 - 2014-12-30 15:16 - 00000197 _____ () C:\WINDOWS\system32\2014-12-30-15-07-23.032-AvastVBoxSVC.exe-3864.log
2014-12-30 04:12 - 2014-12-30 04:13 - 00000197 _____ () C:\WINDOWS\system32\2014-12-30-04-12-02.054-AvastVBoxSVC.exe-4496.log
2014-12-29 10:01 - 2014-12-29 10:01 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2014-12-24 23:33 - 2014-12-24 23:33 - 00000000 ____D () C:\Users\Julian\Documents\2014-12-24
2014-12-23 13:12 - 2014-12-23 13:12 - 00003288 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-2027014631-3366834958-3693072843-1001
2014-12-23 09:28 - 2014-12-23 09:39 - 00000197 _____ () C:\WINDOWS\system32\2014-12-23-09-28-14.094-AvastVBoxSVC.exe-1808.log
2014-12-22 22:12 - 2014-12-22 22:21 - 00000197 _____ () C:\WINDOWS\system32\2014-12-22-22-12-05.036-AvastVBoxSVC.exe-4060.log
2014-12-20 10:49 - 2014-12-20 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
2014-12-20 10:44 - 2014-12-20 10:47 - 00000197 _____ () C:\WINDOWS\system32\2014-12-20-10-44-01.000-AvastVBoxSVC.exe-4420.log
2014-12-19 13:26 - 2014-12-19 13:26 - 02057134 _____ () C:\Users\Julian\Downloads\BT1033 - QEOP - To 14_12_14.xlsx
2014-12-18 16:52 - 2014-12-18 16:52 - 00000000 ____D () C:\Users\Admin\AppData\Local\TeamViewer
2014-12-16 10:24 - 2014-12-16 10:24 - 00000000 ____D () C:\Users\Julian\AppData\Local\TeamViewer
2014-12-15 10:18 - 2014-12-15 10:18 - 00000000 ____D () C:\Users\Julian\Documents\Joyce
2014-12-15 09:26 - 2014-12-15 09:26 - 00000000 ___RD () C:\Users\Julian\Creative Cloud Files
2014-12-15 08:52 - 2014-12-15 08:52 - 00000000 ____D () C:\Program Files\Google
2014-12-15 08:50 - 2014-12-15 08:50 - 01055936 _____ (Adobe) C:\Users\Admin\Downloads\install_flashplayer16x32_gtba_chra_dy_aaa_aih.exe
2014-12-15 08:49 - 2014-12-15 08:49 - 00000000 _____ () C:\Users\Admin\agent.log
2014-12-15 08:46 - 2014-12-15 08:46 - 00000000 ___RD () C:\Users\Admin\Creative Cloud Files
2014-12-15 08:43 - 2014-12-15 08:43 - 00000000 ____D () C:\Users\Admin\AppData\Local\Samsung
2014-12-15 08:41 - 2014-12-19 13:25 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2027014631-3366834958-3693072843-1026
2014-12-15 08:40 - 2014-12-19 13:23 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AD95870B-A955-4D57-A0F8-C8A307D8D1B9}
2014-12-15 08:40 - 2014-12-15 08:40 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2014-12-15 08:40 - 2014-12-15 08:40 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2014-12-15 08:40 - 2014-12-15 08:40 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2014-12-15 08:39 - 2014-12-15 08:39 - 00001176 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-12-15 08:38 - 2014-12-19 20:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\Adobe
2014-12-15 08:36 - 2014-12-15 08:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AVAST Software
2014-12-15 08:36 - 2014-12-15 08:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2014-12-15 08:35 - 2014-12-15 08:36 - 00001024 _____ () C:\Users\Admin\AppData\Roaming\AbsoluteReminder.xml
2014-12-15 08:35 - 2014-12-15 08:35 - 00000000 ____D () C:\Users\Admin\AppData\Local\Absolute_Software
2014-12-15 08:34 - 2015-01-12 10:30 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-12-15 08:34 - 2014-12-23 11:28 - 00000000 ____D () C:\Users\Admin
2014-12-15 08:34 - 2014-12-15 10:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Real
2014-12-15 08:34 - 2014-12-15 08:38 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-12-15 08:34 - 2014-12-15 08:37 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2014-12-15 08:34 - 2014-12-15 08:34 - 00001406 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-15 08:34 - 2014-12-15 08:34 - 00000258 __RSH () C:\Users\Admin\ntuser.pol
2014-12-15 08:34 - 2014-12-15 08:34 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2014-12-15 08:34 - 2014-11-15 08:29 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-15 08:34 - 2014-09-17 12:05 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-15 08:34 - 2014-02-22 04:37 - 00000369 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-12-15 08:34 - 2014-02-22 04:37 - 00000369 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-12-15 08:34 - 2014-01-22 03:35 - 00000000 ____D () C:\Users\Admin\Documents\Visual Studio 2008
2014-12-15 08:34 - 2013-12-31 14:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ATI
2014-12-15 08:34 - 2013-12-31 14:23 - 00000000 ____D () C:\Users\Admin\AppData\Local\ATI
2014-12-15 08:34 - 2013-10-24 17:41 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2014-12-15 08:34 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-15 08:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2099-11-29 23:00 - 2014-07-09 16:04 - 00043628 _____ () C:\Users\Julian\Downloads\SinkinSans-500MediumItalic.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00042964 _____ () C:\Users\Julian\Downloads\SinkinSans-800BlackItalic.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00042620 _____ () C:\Users\Julian\Downloads\SinkinSans-600SemiBoldItali.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00042524 _____ () C:\Users\Julian\Downloads\SinkinSans-300LightItalic.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00042452 _____ () C:\Users\Julian\Downloads\SinkinSans-900XBlackItalic.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00042428 _____ () C:\Users\Julian\Downloads\SinkinSans-200XLightItalic.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00042204 _____ () C:\Users\Julian\Downloads\SinkinSans-700BoldItalic.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00041708 _____ () C:\Users\Julian\Downloads\SinkinSans-400Italic.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00041672 _____ () C:\Users\Julian\Downloads\SinkinSans-100ThinItalic.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00040620 _____ () C:\Users\Julian\Downloads\SinkinSans-700Bold.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00039824 _____ () C:\Users\Julian\Downloads\SinkinSans-500Medium.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00037696 _____ () C:\Users\Julian\Downloads\SinkinSans-200XLight.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00037048 _____ () C:\Users\Julian\Downloads\SinkinSans-600SemiBold.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00037044 _____ () C:\Users\Julian\Downloads\SinkinSans-800Black.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00036772 _____ () C:\Users\Julian\Downloads\SinkinSans-900XBlack.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00036124 _____ () C:\Users\Julian\Downloads\SinkinSans-300Light.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00035872 _____ () C:\Users\Julian\Downloads\SinkinSans-400Regular.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00035720 _____ () C:\Users\Julian\Downloads\SinkinSans-100Thin.otf
2099-11-29 23:00 - 2014-07-09 16:04 - 00011323 _____ () C:\Users\Julian\Downloads\Apache License.txt
2015-01-13 08:06 - 2013-10-24 17:54 - 01486159 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-13 08:03 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-13 08:03 - 2013-08-19 17:15 - 00000542 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (Local).job
2015-01-13 08:03 - 2013-08-19 17:15 - 00000534 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2015-01-13 08:03 - 2013-07-27 15:38 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 07:53 - 2013-09-29 20:03 - 00058846 _____ () C:\WINDOWS\PFRO.log
2015-01-13 07:53 - 2013-08-22 14:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-12 14:46 - 2014-10-26 17:28 - 00000000 ____D () C:\Users\Julian\Documents\New folder
2015-01-12 14:45 - 2014-07-21 14:30 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2027014631-3366834958-3693072843-1001UA.job
2015-01-12 14:39 - 2014-08-06 15:50 - 00000594 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2027014631-3366834958-3693072843-1001.job
2015-01-12 14:27 - 2014-07-24 09:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-12 14:23 - 2013-08-22 13:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-12 14:07 - 2013-07-27 12:01 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2027014631-3366834958-3693072843-1001
2015-01-12 11:04 - 2013-01-17 07:47 - 00000000 ____D () C:\ProgramData\WinClon
2015-01-12 10:57 - 2013-10-04 14:02 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-12 10:54 - 2013-10-24 19:10 - 00000008 __RSH () C:\Users\Julian\ntuser.pol
2015-01-12 10:54 - 2013-10-24 17:36 - 00000000 ____D () C:\Users\Julian
2015-01-12 10:29 - 2013-10-26 09:46 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C3C7C508-BC53-4185-9B10-E76BE91C1C5A}
2015-01-12 10:28 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2015-01-12 10:28 - 2012-07-26 08:12 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-12 09:26 - 2014-08-11 09:18 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-12 08:05 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-11 23:45 - 2014-07-21 14:30 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2027014631-3366834958-3693072843-1001Core.job
2015-01-11 05:49 - 2014-07-21 14:38 - 00002497 _____ () C:\Users\Julian\Desktop\Google Chrome Canary.lnk
2015-01-11 02:00 - 2013-07-27 11:54 - 00000000 ____D () C:\Users\Julian\AppData\Local\Adobe
2015-01-10 19:02 - 2014-08-19 06:27 - 00003350 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2027014631-3366834958-3693072843-1001
2015-01-10 19:02 - 2014-08-19 06:27 - 00003298 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2027014631-3366834958-3693072843-1001
2015-01-09 10:39 - 2013-10-28 08:55 - 00000000 ____D () C:\Users\Julian\Documents\House
2015-01-07 18:28 - 2013-07-27 11:49 - 00000000 ____D () C:\Users\Julian\AppData\Local\Packages
2015-01-07 17:48 - 2013-08-28 12:28 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\Skype
2015-01-07 15:39 - 2013-10-14 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-01-07 15:39 - 2013-10-14 16:40 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-01-07 15:39 - 2013-08-22 15:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-01-07 14:19 - 2014-09-03 10:22 - 00000000 ____D () C:\Users\Julian\AppData\Roaming\TeamViewer
2015-01-07 10:49 - 2014-06-14 06:24 - 00000000 ____D () C:\Users\Julian\Documents\Maria
2015-01-07 10:49 - 2013-09-30 04:11 - 00965744 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-07 10:46 - 2013-08-22 14:46 - 00336759 _____ () C:\WINDOWS\setupact.log
2015-01-07 08:54 - 2013-07-27 15:37 - 00000000 ____D () C:\Users\Julian\AppData\Local\Google
2015-01-07 08:54 - 2013-07-27 11:51 - 00066890 _____ () C:\Users\Julian\AppData\Roaming\AbsoluteReminder.xml
2015-01-07 04:52 - 2014-08-06 15:50 - 00003604 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2027014631-3366834958-3693072843-1001
2015-01-06 10:18 - 2014-09-03 10:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-04 21:56 - 2013-12-14 09:46 - 00000000 ____D () C:\Users\Julian\Documents\Matt
2014-12-30 04:06 - 2014-07-24 08:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-23 11:28 - 2014-07-24 08:17 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-23 11:28 - 2014-07-24 08:17 - 00001151 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-22 10:09 - 2013-09-12 09:37 - 00002487 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-22 10:09 - 2013-09-12 09:37 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-20 12:39 - 2012-07-26 07:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-20 10:49 - 2014-10-27 21:01 - 00001268 _____ () C:\Users\Public\Desktop\Leap Motion App Home.lnk
2014-12-20 10:49 - 2013-01-17 07:19 - 00145892 _____ () C:\WINDOWS\DPINST.LOG
2014-12-20 10:48 - 2013-07-30 09:36 - 00000000 ____D () C:\Program Files (x86)\Leap Motion
2014-12-20 10:38 - 2013-08-05 09:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-20 10:38 - 2013-08-05 09:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-19 13:38 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-18 16:52 - 2014-12-10 22:16 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-18 16:52 - 2014-12-10 22:16 - 00000971 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2014-12-16 16:28 - 2014-11-20 12:14 - 00000600 _____ () C:\Users\Julian\AppData\Local\PUTTY.RND
2014-12-15 08:52 - 2014-07-24 09:10 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-15 08:52 - 2013-08-19 19:26 - 00000000 ____D () C:\ProgramData\Google
2014-12-15 08:52 - 2013-07-27 15:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-15 08:36 - 2013-07-27 11:54 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-12-14 05:08 - 2013-08-05 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
Files to move or delete:
====================
C:\Users\EasySurvey\EasySurvey.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-12 10:51
 
==================== End Of Log ============================


#14 grumpyhumpy

  • Topic Starter

  • Members
  • 11 posts

Posted 13 January 2015 - 03:21 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by Julian at 2015-01-13 08:17:02
Running from C:\Users\Julian\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Altium Designer Summer 09 Viewer (HKLM-x32\...\{B142B87D-5524-49D0-A385-E8B59CF5C69B}) (Version: 9.3.0.19153 - Altium Limited)
AMD Catalyst Install Manager (HKLM\...\{9043E92C-183C-7633-0237-96CE00F5C909}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 184549642.4759644.48.2147344384 - Audible, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BBC iPlayer Downloads (HKLM-x32\...\{198DFB43-9C28-4204-93ED-1545E3E467B8}) (Version: 1.0.2 - BBC)
Bitcasa version 1.1.6.18 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 1.1.6.18 - Bitcasa Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG6200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6200_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Cisco WebEx Meetings (HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
CMake 2.8, a cross-platform, open-source build system (HKLM-x32\...\CMake 2.8.12.1) (Version: 2.8.12.1 - Kitware)
CodeBlocks (HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
Cyberduck 4.4.3 (14140) (HKLM-x32\...\Cyberduck) (Version: 4.4.3 (14140) - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
Cytoscape 3.1.0 (HKLM\...\5211-3645-3154-2580) (Version: 3.1.0 - Cytoscape Consortium)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DEFIANCE (HKLM-x32\...\{2BF4B6A7-9AB3-4A2B-A84E-91B5CBDC0000}_is1) (Version:  - Trion Worlds, Inc.)
DefianceRuntimes (HKLM-x32\...\{79B1FF35-9EA8-48ED-98D6-19ABE004BE89}) (Version: 1.0.2 - Trion Worlds, Inc.)
DesignSpark Mechanical 1.0 (HKLM\...\{724120B5-FF8C-4337-A7EF-3C1E0FB6B92F}) (Version: 8.1.2 - RS Components)
DesignSpark PCB 6.1 (x32 Version: 6.1 - RS Components) Hidden
DesignSpark PCB Version 6.1 (HKLM-x32\...\InstallShield_{D50610AA-D25A-463B-98BF-E09585325711}) (Version: 6.1 - RS Components)
DisplayLink Core Software (HKLM\...\{F318CA5D-B6D5-42AD-A2B6-EFFB472EDA67}) (Version: 7.4.51572.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{8798C3B5-290E-447D-82E4-EB38E183CA39}) (Version: 7.4.51587.0 - DisplayLink Corp.)
Document Express DjVu Plug-in (HKLM-x32\...\{24349943-32CF-4768-B943-B68A047C84C5}) (Version: 6.1.34387 - Cuminas Corporation)
DraftSight x64 (HKLM\...\{9155EA6C-B377-4509-8C8C-0D6A915F7352}) (Version: 13.0.1081 - Dassault Systemes)
Dropbox (HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
eDrawings 2014 x64 (HKLM\...\{411BC194-B48E-4EDD-B149-5F1A34D46825}) (Version: 14.0.5006 - Dassault Systèmes SolidWorks Corp)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 11.7.19.9_WHQL (HKLM\...\Elantech) (Version: 11.7.19.9 - ELAN Microelectronic Corp.)
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Express Accounts (HKLM-x32\...\ExpressAccounts) (Version: 4.72 - NCH Software)
Express Burn (HKLM-x32\...\ExpressBurn) (Version:  - NCH Software)
Express Invoice (HKLM-x32\...\ExpressInvoice) (Version: 3.87 - NCH Software)
FileFort Backup (HKLM-x32\...\FileFort) (Version: 3.26 - NCH Software)
FlameRobin 0.9.3 (HKLM-x32\...\FlameRobin_is1) (Version:  - The FlameRobin Project)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free Flash FLV Video Converter v3.0 (HKLM-x32\...\Free Flash FLV Video Converter (by minidvdsoft)_is1) (Version: 3.0 - www.minidvdsoft.com)
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Gephi 0.8.2 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version:  - Gephi)
Git version 1.8.4-preview20130916 (HKLM-x32\...\Git_is1) (Version: 1.8.4-preview20130916 - The Git Development Community)
GitHub (HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\5f7eb300e2ea4ebf) (Version: 2.3.1.1 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Google Chrome SxS) (Version: 41.0.2272.2 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.5.2152 (HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\GoToMeeting) (Version: 7.0.5.2152 - CitrixOnline)
Graphite V9 SP0 (HKLM-x32\...\{3B659EC0-787E-4BD5-B7D6-BD1D494EC495}) (Version: 9.0.15 - Ashlar-Vellum)
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel AppUp® center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 45256 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)
Inventoria Stock Manager (HKLM-x32\...\Inventoria) (Version: 3.42 - NCH Software)
IPSetup version 2.0.0.0 (HKLM-x32\...\{216572F2-5179-4912-8FA3-5C7DE10C47AF}_is1) (Version: 2.0.0.0 - TRENDnet)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
jv16 PowerTools 2014 (HKLM-x32\...\jv16 PowerTools 2014) (Version:  - Macecraft Software)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Leap Motion Software (HKLM-x32\...\Leap Services) (Version: 2.2.1.24116 - Leap Motion)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MEO Encryption Software (HKLM-x32\...\Meo) (Version: 2.17 - NCH Software)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM-x32\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Miro Video Converter (HKLM-x32\...\Miro Video Converter) (Version: 0.8.0 - Participatory Culture Foundation)
Mobile App Sync (HKLM-x32\...\Mobile App Sync) (Version:  - Mobile App Sync) <==== ATTENTION!
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 34.0 (x86 en-GB)) (Version: 34.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Music Transfer (x32 Version: 1.0 - Sony Corporation) Hidden
Music Transfer 1.0 (HKLM-x32\...\{4732FF2B-9DA1-4212-B782-772F68D43983}) (Version: 1.0 - Sony Corporation)
MyDriveConnect 3.3.0.1342 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
Nmap 5.61-Spiceworks (HKLM-x32\...\Spiceworks-Nmap) (Version:  - )
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
NVIDIA CUDA Documentation 5.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDADocumentation_5.5) (Version: 5.5 - NVIDIA Corporation)
NVIDIA CUDA Samples 5.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDASamples_5.5) (Version: 5.5 - NVIDIA Corporation)
NVIDIA CUDA Samples 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDASamples_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA CUDA Toolkit 5.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_5.5) (Version: 5.5 - NVIDIA Corporation)
NVIDIA CUDA Toolkit 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAToolkit_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA CUDA Visual Studio Integration 6.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_CUDAVisualStudioIntegration_6.5) (Version: 6.5 - NVIDIA Corporation)
NVIDIA GPU Deployment Kit 340.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GDK) (Version: 340.62 - NVIDIA Corporation)
NVIDIA Nsight Tegra v1.6, Visual Studio Edition (HKLM-x32\...\{C5F03809-8BC0-402D-98CA-03B042B2FEFB}) (Version: 1.6.0.14227 - NVIDIA Corporation)
NVIDIA Nsight Visual Studio Edition 4.1.0.14204 (HKLM\...\{FEDB4463-83C0-4259-B119-5FE9C64A277F}) (Version: 4.1.0.14204 - NVIDIA Corporation)
NVIDIA PerfHUD ES Tegra (HKLM-x32\...\{207C2D06-4314-4E2D-B72B-843FB7C6B745}) (Version: 1.0 - )
NVIDIA Tegra Android Development Pack 3.0r3 (HKLM-x32\...\NVIDIA Tegra Android Development Pack 3.0r3) (Version: 3.0r3 - NVIDIA Corporation)
NVIDIA Tegra Graphics Debugger v1.1 (HKLM-x32\...\{09C51D11-2D1F-451A-BBDB-715B26DB1A37}) (Version: 1.1.14212 - NVIDIA Corporation)
NVIDIA Tegra System Profiler v2.1 (HKLM\...\{E32AFF61-A63E-47DC-AA87-A19B79F5BE1F}) (Version: 2.1.0.13311 - NVIDIA Corporation)
NVIDIA Tools Extension SDK (NVTX) - 64 bit (HKLM\...\{4D983759-07FC-4571-BB59-58C9BBADECC5}) (Version: 1.00.00.00 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.23 - NVIDIA Corporation)
O&O Syspectr (HKLM-x32\...\{90D911A0-F61E-40E7-AF70-9945D89D82A1}) (Version: 0.23.20 - O&O Software GmbH)
OEM Application Profile (HKLM-x32\...\{EE55B368-EBDF-98F3-CFE7-7CE4ADBC4553}) (Version: 1.00.0004 - Advanced Micro Devices, Inc.)
Online Support(S Service) (HKLM-x32\...\{1F6C00DE-EC7C-4BEF-B626-FF5F1283EE1C}) (Version: 1.1 - Samsung Electronics CO., LTD.)
OpenMG Secure Module 5.0.00 (HKLM-x32\...\InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}) (Version: 5.0.00.11280 - Sony Corporation)
OpenMG Secure Module 5.0.00 (x32 Version: 5.0.00.11280 - Sony Corporation) Hidden
openobd (HKLM-x32\...\openobd) (Version: 0.5.0 - Simon Booth)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
PagePlusX7ContentDeclaration (x32 Version: 1.0.0.0 - Serif (Europe) Ltd) Hidden
PDC International (HKLM-x32\...\{56431B20-78FA-4252-9714-86737A5918E0}) (Version: 3.7.00.0053 - ABB Striebel & John)
PDC International (x32 Version: 3.7.00.0053 - ABB Striebel & John) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PowerXpressHybrid (HKLM-x32\...\{51FDC2DE-0917-46B7-EAEC-5377504701DE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Prezi (HKLM-x32\...\{BD44409B-A691-4B97-B33D-F07E1DE791F3}) (Version: 5.0.9 - Prezi.com)
ProjectLibre (HKLM-x32\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7299 - Realtek Semiconductor Corp.)
Realtime Landscaping Architect 2013 Trial (HKLM-x32\...\{9091C2CE-5FC4-4742-B8D7-EDCEA4BD0C0E}) (Version: 5.1.5 - Idea Spectrum)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.14 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.48 - Samsung Electronics CO., LTD.) Hidden
SADP (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 2.00.0000 - company)
Samsung Link (HKLM-x32\...\{82EC241F-DFCA-4166-A8C3-EA5D2B9A41C4}) (Version: 1.8.0.39 - Samsung Electronics CO., LTD.)
Secure Download Manager (HKLM-x32\...\{7682DFED-23C6-44C9-B9FD-109E0B630277}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Serif PagePlus X7 (HKLM\...\{CB487BBA-A1AC-4B2B-80AC-DED349C897C5}) (Version: 17.0.3.28 - Serif (Europe) Ltd)
Serif WebPlus X6 (HKLM-x32\...\{C7B3C4B4-D6E1-4E5D-8428-1FB7111944B9}) (Version: 14.0.2.25 - Serif (Europe) Ltd)
Serif WebPlus X7 (HKLM\...\{DDC54AEA-0ED0-4F2F-9C3C-7C382D80B5FB}) (Version: 15.0.3.35 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SkyShellEx(x64) (HKLM\...\{E647DC7E-3FCD-41FB-8D82-8DA74EF5283C}) (Version: 1.0.1 - Coronox)
SmartDraw 2014 (HKLM-x32\...\SmartDraw 2014) (Version:  - SmartDraw, LLC)
SolidWorks eDrawings 2013 x64 (HKLM\...\{D6E664EC-570A-4E18-96B8-7CEFFEED9370}) (Version: 13.4.107 - Dassault Systèmes SolidWorks Corp)
Spiceworks (HKLM-x32\...\Spiceworks) (Version: 7.1.00035 - Spiceworks, Inc.)
Spotify (HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.)
Support Center (HKLM\...\{AB0DEFBB-1A16-47B5-86D2-39F0A2B24AE4}) (Version: 2.1.1210 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{E74136C1-4ABE-44A2-8141-469818312175}) (Version: 2.2.0 - Samsung Electronics CO., LTD.)
System Explorer 5.9.3 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Touchless For Windows (HKLM-x32\...\Touchless) (Version: 7287.0.0 - Leap Motion)
TurboCASH4.5.2 - (Build 838) (HKLM-x32\...\TurboCASH4_is1) (Version:  - Philip Copeman)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
video sanctuary 2.0 (HKLM-x32\...\{D0FA1351-C305-49CF-BD82-67D1586B5186}) (Version: 1.0.0 - VSS Technologies)
VideoDownloaderUltimate (HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.25 - Link64)
Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.21022 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 5.0.2 - VMware, Inc)
VMware Player (Version: 5.0.2 - VMware, Inc.) Hidden
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version:  - )
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
WinFi (HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\d789700f615dd55d) (Version: 1.0.0.9 - Kerkia)
WinPcap 4.1.2-Spiceworks (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
Workspace Desktop (HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\workspacedesktop) (Version:  - Starfield Technologies)
Xara Photo & Graphic Designer 6 SE (HKLM-x32\...\MAGIX_{A377E5C7-A05C-478C-BEA7-9203D896DF13}) (Version: 6.1.3.24817 - Xara Group Ltd)
Xara Photo & Graphic Designer 6 SE (Version: 6.1.3.24817 - Xara Group Ltd) Hidden
Xara Photo & Graphic Designer 7 SE (HKLM-x32\...\MX.{8D7723BF-7CD9-49D5-BFC6-9D27B6D7C620}) (Version: 7.1.3.30976 - Xara Group Ltd)
Xara Photo & Graphic Designer 7 SE (Version: 7.1.3.30976 - Xara Group Ltd) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Julian\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2272.2\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Julian\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Julian\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Julian\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Julian\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Julian\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{F654F1BF-54D9-4A2E-B703-889091D3CB2D}\InprocServer32 -> C:\Program Files (x86)\Ashlar-Vellum\Graphite V9 SP0\AshlarW7PreviewHandler_x64.dll ()
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2027014631-3366834958-3693072843-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Julian\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
24-12-2014 07:57:37 Windows Update
05-01-2015 12:11:10 Windows Update
08-01-2015 10:07:43 zoek.exe restore point
12-01-2015 04:04:11 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 13:25 - 2015-01-07 14:35 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {033C6DA5-9A24-4D4B-95EB-39A7A315EF88} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2027014631-3366834958-3693072843-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {0FD202B1-EEB6-4ECF-A1CA-4C2361CA5E97} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2027014631-3366834958-3693072843-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {11E41AAF-278E-4B89-A18E-D16425F0B2BE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2027014631-3366834958-3693072843-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {16E28475-A692-4284-96BB-64E4941C5117} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {289DEF82-0439-4F93-9BEC-807481A53858} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {2B2BFE94-7660-4435-951B-5A28AED86F04} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-23] (AVAST Software)
Task: {2D93C0E2-648F-414A-AC38-8455755F7DE7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {366B4D10-BB06-4696-87D3-B7BDF6FD8677} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe [2012-08-13] ()
Task: {38A8DF24-A58B-4C5F-87F6-12C29D14842E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {48E4A667-7B89-4FB2-B5CC-878D19CA8F92} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-07-16] (Realtek Semiconductor)
Task: {558443D8-9CF5-47C6-8189-DE3B2F386CF3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2027014631-3366834958-3693072843-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {5FA12D95-91AA-4896-9284-09D802610348} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2012-05-24] (Absolute Software)
Task: {6A93FA23-05DB-4421-8AF9-6F0AF5BB62F5} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-06-02] (Samsung Electronics CO., LTD.)
Task: {6E5F75B1-64EA-4CDD-B9DE-DC7FB687949A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-15] (Adobe Systems Incorporated)
Task: {8D79108D-A58B-427D-B307-B8EAC54160FA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2027014631-3366834958-3693072843-1001UA => C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-24] (Google Inc.)
Task: {90E4D20F-1694-4A28-B328-0180BD39D301} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-juleshum@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {941F8B29-F83F-4855-BF2D-C85C4B429C6A} - System32\Tasks\G2MUpdateTask-S-1-5-21-2027014631-3366834958-3693072843-1001 => C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe [2015-01-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {96738380-37F1-42D0-B806-15A1F937B9A6} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-07-18] (Realtek Semiconductor)
Task: {9D709B51-1135-4ADE-82D0-EF4BD2ECA1E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {9E130D1D-8FA3-40D1-BB8C-E3784604F4FF} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2014-08-06] (SEC)
Task: {A57676B7-8742-481C-ADAD-B769AD38EED5} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe
Task: {B1101092-9C66-451D-972B-2C92BA4E7F61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
Task: {B348C739-64CF-4116-9F10-031A9470CD98} - System32\Tasks\avastBCLRestartS-1-5-21-2027014631-3366834958-3693072843-1001 => Chrome.exe 
Task: {B5D9BD4D-4985-4C13-8356-48D0FE4DA43C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
Task: {BB1DEF36-307D-462D-8674-9D9EF9502374} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2027014631-3366834958-3693072843-1001Core => C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-24] (Google Inc.)
Task: {CB995A58-418B-4A8D-BCAA-8BF01B1C252D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {CD68FF79-8938-401B-9DC3-9B9B65AE72C4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D66BDC33-2DFB-42CE-B203-EEB92A8A0839} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D8E0B370-8D1D-46EC-A0C9-ECEE5D00C938} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E85EC250-F855-40F4-918C-B84D5F50C2F7} - System32\Tasks\{DBC041D3-D76B-4696-9904-5F2B8AAED8E8} => pcalua.exe -a C:\Users\Julian\Downloads\Ext2Fsd-0.51.exe -d C:\Users\Julian\Downloads
Task: {EF3B9D24-1DAB-4EE7-A21A-B6931A8ACA33} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe [2012-08-13] ()
Task: {F160AEAF-7AFF-46B4-A5D9-5EF92927DD0C} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2014-11-28] (RealNetworks, Inc.)
Task: {F5DA7CE8-78A9-44CE-BDF6-E4CF2FC7EB6F} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {FAE3D013-3F7D-45DE-A714-DFDEFFD5FCF8} - System32\Tasks\SamsungLinkPC => C:\Program Files (x86)\Samsung\HomeSync Lite\RefreshToken.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2027014631-3366834958-3693072843-1001.job => C:\Users\Julian\AppData\Local\Citrix\GoToMeeting\2152\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2027014631-3366834958-3693072843-1001Core.job => C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2027014631-3366834958-3693072843-1001UA.job => C:\Users\Julian\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SDMsgUpdate (Local).job => C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe
Task: C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => C:\Program Files (x86)\SmartDraw 2014\Messages\SDNotify.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-26 22:59 - 2014-10-26 22:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 05:41 - 2014-10-30 05:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-11-27 17:26 - 2014-11-27 17:26 - 00105208 _____ () C:\Program Files (x86)\OO Software\Syspectr\OOSysEngine.XmlSerializers.dll
2014-11-23 17:27 - 2014-11-23 17:27 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-23 17:27 - 2014-11-23 17:27 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-11-27 08:11 - 2014-02-21 12:17 - 00313856 _____ () C:\Program Files\Bitcasa\ExplorerMenu.dll
2013-11-27 08:11 - 2014-02-21 12:06 - 02064384 _____ () C:\Program Files\Bitcasa\bitcasaui.dll
2014-06-02 13:49 - 2014-06-02 13:49 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2015-01-11 05:48 - 2015-01-11 03:17 - 01529672 _____ () C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2272.2\libglesv2.dll
2015-01-11 05:48 - 2015-01-11 03:17 - 00091976 _____ () C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2272.2\libegl.dll
2015-01-11 05:48 - 2015-01-11 03:17 - 11280200 _____ () C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2272.2\pdf.dll
2015-01-11 05:48 - 2015-01-11 03:17 - 26725704 _____ () C:\Users\Julian\AppData\Local\Google\Chrome SxS\Application\41.0.2272.2\PepperFlash\pepflashplayer.dll
2015-01-12 09:32 - 2015-01-12 09:32 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011200\algo.dll
2014-11-23 17:27 - 2014-11-23 17:27 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-13 07:54 - 2015-01-13 07:54 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011300\algo.dll
2014-07-21 20:26 - 2014-11-28 11:12 - 00865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 05:41 - 2014-10-30 05:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2013-02-26 01:28 - 2013-02-26 01:28 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 12:20 - 2014-01-29 12:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-11-23 17:27 - 2014-11-23 17:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Julian\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeActiveFileMonitor11.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Bluetooth Device Monitor => 2
MSCONFIG\Services: Bluetooth OBEX Service => 2
MSCONFIG\Services: BTHSSecurityMgr => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: DefaultTabSearch => 2
MSCONFIG\Services: DisplayLinkService => 2
MSCONFIG\Services: Easy Launcher => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: ExpressAccountsService => 3
MSCONFIG\Services: ExpressInvoiceService => 3
MSCONFIG\Services: File Backup => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: Intel® Wireless Bluetooth® 4.0 Radio Management => 2
MSCONFIG\Services: IntelliMemory => 2
MSCONFIG\Services: InventoriaService => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LeapService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MSCSPTISRV => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: PACSPTISVR => 3
MSCONFIG\Services: PDF Architect Helper Service => 2
MSCONFIG\Services: PDF Architect Service => 2
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: spiceworks => 2
MSCONFIG\Services: SPTISRV => 3
MSCONFIG\Services: SWUpdateService => 2
MSCONFIG\Services: Updater Service for AMZN => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\WINDOWS\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Julian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\WINDOWS\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Communicator => "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Bitcasa"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "RtHDVBg_SRSSA"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Communicator"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "FileFort"
HKLM\...\StartupApproved\Run32: => "Intel AppUp® center"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "2BB777B4D97D5CBA4F37597096A565E0D6CA792C._service_run"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "MobileAppSync"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "Workspace Status"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "wben"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "Starfield Updater"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "Leap Control Panel"
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\StartupApproved\Run: => "Obrona Block Ads"
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-2027014631-3366834958-3693072843-1026 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2027014631-3366834958-3693072843-500 - Administrator - Disabled)
Guest (S-1-5-21-2027014631-3366834958-3693072843-501 - Limited - Disabled)
Julian (S-1-5-21-2027014631-3366834958-3693072843-1001 - Administrator - Enabled) => C:\Users\Julian
 
==================== Faulty Device Manager Devices =============
 
Name: AMD Radeon HD 8800M Series
Description: AMD Radeon HD 8800M Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/13/2015 08:11:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 16d0
 
Start Time: 01d02f07646a656e
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: b72c7421-9afb-11e4-bf29-1867b02c3d0a
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/13/2015 08:03:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxext.exe, version: 8.15.10.3304, time stamp: 0x522e04ab
Faulting module name: igfxext.exe, version: 8.15.10.3304, time stamp: 0x522e04ab
Exception code: 0xc0000417
Fault offset: 0x000000000002a6ac
Faulting process ID: 0x167c
Faulting application start time: 0xigfxext.exe0
Faulting application path: igfxext.exe1
Faulting module path: igfxext.exe2
Report ID: igfxext.exe3
Faulting package full name: igfxext.exe4
Faulting package-relative application ID: igfxext.exe5
 
Error: (01/12/2015 02:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxext.exe, version: 8.15.10.3304, time stamp: 0x522e04ab
Faulting module name: igfxext.exe, version: 8.15.10.3304, time stamp: 0x522e04ab
Exception code: 0xc0000417
Fault offset: 0x000000000002a6ac
Faulting process ID: 0x16f0
Faulting application start time: 0xigfxext.exe0
Faulting application path: igfxext.exe1
Faulting module path: igfxext.exe2
Report ID: igfxext.exe3
Faulting package full name: igfxext.exe4
Faulting package-relative application ID: igfxext.exe5
 
Error: (01/12/2015 10:55:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxext.exe, version: 8.15.10.3304, time stamp: 0x522e04ab
Faulting module name: igfxext.exe, version: 8.15.10.3304, time stamp: 0x522e04ab
Exception code: 0xc0000417
Fault offset: 0x000000000002a6ac
Faulting process ID: 0x16c0
Faulting application start time: 0xigfxext.exe0
Faulting application path: igfxext.exe1
Faulting module path: igfxext.exe2
Report ID: igfxext.exe3
Faulting package full name: igfxext.exe4
Faulting package-relative application ID: igfxext.exe5
 
Error: (01/12/2015 10:40:14 AM) (Source: syspectr) (EventID: 0) (User: )
Description: System.UnhandledExceptionEventArgs
 
Error: (01/12/2015 10:40:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxext.exe, version: 8.15.10.3304, time stamp: 0x522e04ab
Faulting module name: igfxext.exe, version: 8.15.10.3304, time stamp: 0x522e04ab
Exception code: 0xc0000417
Fault offset: 0x000000000002a6ac
Faulting process ID: 0xc74
Faulting application start time: 0xigfxext.exe0
Faulting application path: igfxext.exe1
Faulting module path: igfxext.exe2
Report ID: igfxext.exe3
Faulting package full name: igfxext.exe4
Faulting package-relative application ID: igfxext.exe5
 
Error: (01/12/2015 09:44:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1330
 
Start Time: 01d02e4b8ad8354d
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: 7a81c161-9a3f-11e4-bf26-1867b02c3d0a
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/12/2015 09:38:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: igfxext.exe, version: 8.15.10.3304, time stamp: 0x522e04ab
Faulting module name: igfxext.exe, version: 8.15.10.3304, time stamp: 0x522e04ab
Exception code: 0xc0000417
Fault offset: 0x000000000002a6ac
Faulting process ID: 0xf04
Faulting application start time: 0xigfxext.exe0
Faulting application path: igfxext.exe1
Faulting module path: igfxext.exe2
Report ID: igfxext.exe3
Faulting package full name: igfxext.exe4
Faulting package-relative application ID: igfxext.exe5
 
Error: (01/12/2015 04:15:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (01/12/2015 04:08:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
 
System errors:
=============
Error: (01/13/2015 08:03:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1070
 
Error: (01/13/2015 08:03:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service did not respond on starting.
 
Error: (01/13/2015 08:01:43 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service did not respond on starting.
 
Error: (01/13/2015 07:57:00 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error: 
%%1009
 
Error: (01/13/2015 07:56:54 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The VMware USB Arbitration Service service did not respond on starting.
 
Error: (01/13/2015 07:54:39 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error: 
%%1009
 
Error: (01/13/2015 07:53:28 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error: 
%%1009
 
Error: (01/13/2015 07:53:21 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error: 
%%1009
 
Error: (01/13/2015 07:53:20 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: The LoadUserProfile call failed with the following error: 
%%1009
 
Error: (01/13/2015 07:52:58 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!
 
 
Microsoft Office Sessions:
=========================
Error: (01/13/2015 08:11:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2068916d001d02f07646a656e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exeb72c7421-9afb-11e4-bf29-1867b02c3d0amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/13/2015 08:03:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxext.exe8.15.10.3304522e04abigfxext.exe8.15.10.3304522e04abc0000417000000000002a6ac167c01d02f07658d47e0C:\WINDOWS\system32\igfxext.exeC:\WINDOWS\system32\igfxext.exea7cc850a-9afa-11e4-bf29-1867b02c3d0a
 
Error: (01/12/2015 02:39:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxext.exe8.15.10.3304522e04abigfxext.exe8.15.10.3304522e04abc0000417000000000002a6ac16f001d02e759cea83d8C:\WINDOWS\system32\igfxext.exeC:\WINDOWS\system32\igfxext.exedcedc094-9a68-11e4-bf28-1867b02c3d0a
 
Error: (01/12/2015 10:55:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxext.exe8.15.10.3304522e04abigfxext.exe8.15.10.3304522e04abc0000417000000000002a6ac16c001d02e563abfdc0fC:\WINDOWS\system32\igfxext.exeC:\WINDOWS\system32\igfxext.exe7b44cd4a-9a49-11e4-bf27-1867b02c3d0a
 
Error: (01/12/2015 10:40:14 AM) (Source: syspectr) (EventID: 0) (User: )
Description: System.UnhandledExceptionEventArgs
 
Error: (01/12/2015 10:40:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxext.exe8.15.10.3304522e04abigfxext.exe8.15.10.3304522e04abc0000417000000000002a6acc7401d02e5421958359C:\WINDOWS\system32\igfxext.exeC:\WINDOWS\system32\igfxext.exe6051de81-9a47-11e4-bf26-1867b02c3d0a
 
Error: (01/12/2015 09:44:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689133001d02e4b8ad8354d4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe7a81c161-9a3f-11e4-bf26-1867b02c3d0amicrosoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (01/12/2015 09:38:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: igfxext.exe8.15.10.3304522e04abigfxext.exe8.15.10.3304522e04abc0000417000000000002a6acf0401d02e4b907853b5C:\WINDOWS\system32\igfxext.exeC:\WINDOWS\system32\igfxext.exed4920aa2-9a3e-11e4-bf26-1867b02c3d0a
 
Error: (01/12/2015 04:15:07 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe
 
Error: (01/12/2015 04:08:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Program Files (x86)\Cuminas\Document Express DjVu Plug-in\DjVuViewer.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-24 05:10:40.446
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-23 17:40:09.027
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-07-21 12:08:20.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-27 06:44:44.609
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-27 06:44:44.547
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-27 06:44:44.425
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-27 06:44:44.205
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-27 06:44:44.127
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-27 06:44:44.079
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-27 06:44:43.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 46%
Total physical RAM: 8078.89 MB
Available physical RAM: 4309 MB
Total Pagefile: 8078.9 MB
Available Pagefile: 2810.11 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:908.34 GB) (Free:616.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================


#15 seedy21


Posted 13 January 2015 - 04:55 PM

Hi grumpyhumpy
 
As this is a Business machine, I will have to ask about these programs:-
 
Google Chrome Canary - This is mainly used for Developers and Testers, but can be installed and exploited with malware
Mobile App Sync - AV companies flag this software as it can be installed via malware - http://www.shouldiremoveit.com/Mobile-App-Sync-42874-program.aspx
 
If you don't use the programs above, I would suggest you uninstall them.

Step 1

 

Please move FRST to your Desktop

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

CloseProcesses:
HKU\S-1-5-21-2027014631-3366834958-3693072843-1001\...\MountPoints2: {e6a9bff8-f8f9-11e2-be7d-c8f733e7b674} - "F:\autorun.exe" 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
S4 Xoceancessivellid; C:\Program Files (x86)\Xoceancessivellid\Xoceancessivellid.exe [X]
C:\Program Files (x86)\Xoceancessivellid\
C:\Users\EasySurvey\EasySurvey.exe
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.
 
Step 2

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted, allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

When the scan is complete,

If no threats were found:

  • Check in "Uninstall application on close"
  • Close program

If threats were found:

  • Select "list of threats found"
  • Select "Export to Text File" & Save the Report to your Desktop as "ESETScanLog"
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply

Edited by seedy21, 13 January 2015 - 04:57 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club
