
malware periodically creating folders & files Temp1_ * .zip in appdata/local/tem


  • This topic is locked
13 replies to this topic

#1 goodend


Posted 03 March 2015 - 11:32 PM

Can't identify malware periodically creating folders & files Temp1_ * .zip in appdata/local/temp

 

I have a situation very similar to:

Malware creating files in appdata/local/temp & hijacking admin rights Started by sarvalito, May 15 2013 01:03 AM
http://www.bleepingcomputer.com/forums/t/494585/malware-creating-files-in-appdatalocaltemp-hijacking-admin-rights/
or
Lost 10 GB of HD space in a few days Started by Antonio724, Feb 04 2015 01:04 AM
http://www.bleepingcomputer.com/forums/t/565578/lost-10-gb-of-hd-space-in-a-few-days/

I can't identify what process or malware is periodically creating (copying from different locations) folders & files in:
 appdata/local/temp (i.e. %TEMP%)
with the same pattern in name:
 Temp1_ *FILENAME* .zip

I have found that it may be related to Google Desktop or the Windows indexing service: http://www.vistax64.com/vista-file-management/190000-how-can-i-stop-temp-folder-expanding-take-over-my-whole-system-disk.html
but I don't have GDS and have stopped Windows indexing.

Any idea why this is happening, and how do I disable it? Could Windows Search be the culprit?
Look forward to any advice on this.

 

Below is the FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by GoodEnd (administrator) on GOODEND-DELAZ on 04-03-2015 05:34:34
Running from C:\Users\GoodEnd\Desktop\_antivirus\01 FRST64
Loaded Profiles: GoodEnd (Available profiles: GoodEnd & Guest)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Simon Steele (Echo Software)) C:\Program Files (x86)\Programmer's Notepad\pn.exe
(PortableApps.com) E:\PA\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(PortableApps.com) E:\PA\PortableApps\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) E:\PA\PortableApps\FirefoxPortable\App\Firefox\firefox.exe
(Mozilla Corporation) E:\PA\PortableApps\FirefoxPortable\App\Firefox\plugin-container.exe
(Google) C:\Users\GoodEnd\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-09-16] (Intel Corporation)
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [5564104 2014-09-05] (Kakao Inc.)
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()
BootExecute: ampa
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?scope=web&mkt=en-US&FORM=IE10SR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?scope=web&mkt=en-US&FORM=IE10SR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?scope=web&mkt=en-US&FORM=IE10SR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?scope=web&mkt=en-US&FORM=IE10SR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bing.com/?scope=web&mkt=en-US&FORM=IE10SR
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?scope=web&mkt=en-US&FORM=IE10SR
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Diigo Single Button Helper -> {B3BA3FC4-8D87-4B89-B2B1-7BEE62D1D324} -> C:\Program Files (x86)\Diigo.inc\Diigo Single Button\DiigoSingleButton.dll (Diigo.inc)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Tcpip\..\Interfaces\{50B1214A-DFB3-4B11-AED1-58731002F4A1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D101DAE4-B7C3-4BF5-91B2-8A7F85D09999}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @citrixonline.com/appdetectorplugin -> C:\Users\GoodEnd\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\GoodEnd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @talk.google.com/O1DPlugin -> C:\Users\GoodEnd\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @tools.google.com/Google Update;version=3 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @tools.google.com/Google Update;version=9 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Customize Your Web - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\customizeyourweb@mouseless.de [2014-12-13]
FF Extension: DevSearch - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\devsearch@penzil.com [2014-12-13]
FF Extension: DOM Inspector Plus! [dm] - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\inspector-dp@mozilla.org [2014-12-15]
FF Extension: DOM Inspector - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\inspector@mozilla.org [2014-12-16]
FF Extension: Tab Groups Helper - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabgroupshelper@kevinallasso.org [2015-01-25]
FF Extension: TableTools2 - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabletools2@mingyi.org [2014-12-13]
FF Extension: YouTube Unblocker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\youtubeunblocker@unblocker.yt [2014-12-15]
FF Extension: Liquid Words - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{9A752782-D706-479b-98F8-3F66BF921692} [2014-12-13]
FF Extension: Diigo Toolbar - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2014-08-19]
FF Extension: Autofill Forms - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\autofillForms@blueimp.net.xpi [2014-12-12]
FF Extension: Firebug - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\firebug@software.joehewitt.com.xpi [2014-12-13]
FF Extension: Firefinder for Firebug - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\firefinder@robertnyman.com.xpi [2014-12-13]
FF Extension: FirePath - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\FireXPath@pierre.tholence.com.xpi [2014-12-13]
FF Extension: HeadingsMap - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\headings@niquelheadings.net.xpi [2014-12-13]
FF Extension: ProxTube - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\ich@maltegoetz.de.xpi [2014-12-15]
FF Extension: Google search link fix - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2014-12-15]
FF Extension: Lightbeam - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-12-11]
FF Extension: Official My JDownloader Add-On - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2014-09-04]
FF Extension: Tab Counter - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabcounter@morac.xpi [2015-02-12]
FF Extension: UploadScreenshot.com Capture - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\uss-button@uploadscreenshot.com.xpi [2014-12-11]
FF Extension: xpath finder - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\xpath_finder@xpath_finder.com.xpi [2014-12-13]
FF Extension: Resurrect Pages - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2014-12-13]
FF Extension: Clean Links - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-12-15]
FF Extension: xpathprototyping - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{15b08099-6b77-43bc-8e70-69b85eeef09d}.xpi [2014-12-13]
FF Extension: XmlUtils - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{2fb6bf28-e829-4804-ab69-3bdb7d5fa997}.xpi [2014-12-13]
FF Extension: LinkWalker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{398BEB7C-752C-4378-87EA-D775CE1FD9B9}.xpi [2014-12-13]
FF Extension: XPath Checker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537}.xpi [2014-12-13]
FF Extension: QuickTime Plugin - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{85c379fe-b97f-4ae6-88f9-4086c494b77e}.xpi [2014-12-21]
FF Extension: Adblock Plus - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-15]
FF Extension: {e621d201-3005-463f-b8e2-4d12b385773f} - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{e621d201-3005-463f-b8e2-4d12b385773f}.xpi [2014-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-09]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\MozillaFFNightly\firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1418982105&from=free&uid=SAMSUNGXHN-M500MBB_S2R7J1DB701610
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bitford) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\agjcpjkkccmhfopfciohkkfolnjbbdoh [2014-09-04]
CHR Extension: (Regex Scraper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjalgjglcdpomokfhgcmononebebioc [2014-03-17]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-07-29]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-03-21]
CHR Extension: (Google Docs) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (CSS Selector Tester) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbklnaodgoocmcdejoalmbjihhdkbfon [2014-09-04]
CHR Extension: (Table2CSV) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjpegmibcoolkaoloohgjcagfhifiah [2014-03-21]
CHR Extension: (Warehouse) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmlfjedmpigingginfielgaemionchf [2014-03-17]
CHR Extension: (Designer Tools) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\begphfmcgdepfkoofbpkfcnimdeocadd [2014-09-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Web Developer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-09-04]
CHR Extension: (ColorZilla) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2014-09-04]
CHR Extension: (Cloud Kite) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\biagdapeolcddppdgcocjkdjfhlodegf [2014-09-04]
CHR Extension: (MEGA) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-05-12]
CHR Extension: (YouTube) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Strict Workflow) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2014-03-21]
CHR Extension: (Maestro BPM) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\chldapjgnddmiimikjihplihdggkmhmm [2014-09-04]
CHR Extension: (OneTab) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-09-04]
CHR Extension: (Adblock for Youtube™) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-04]
CHR Extension: (RegExp Tester App) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmmblmkfaijaadfjapjddbeaoffeccib [2014-03-17]
CHR Extension: (Google Search) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Snip to drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfklphbiceofdlbejbgglhdgdajliphg [2014-03-21]
CHR Extension: (Remove Google Redirection) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhjklgpiifbofihffldllbcopkinlod [2014-11-18]
CHR Extension: (Session Buddy) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-09-04]
CHR Extension: (Table-of-contents-crx) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeknhipceeelbgdbcmchicoaoalfdnhi [2014-03-21]
CHR Extension: (XV — XML Viewer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocglpgjdpaefaedpblffpeebgmgddk [2014-03-17]
CHR Extension: (Tabs Outliner) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2014-03-21]
CHR Extension: (My JDownloader) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2014-03-21]
CHR Extension: (Morphine) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2014-03-21]
CHR Extension: (Page Code Reverser) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\feobacmbekoonbggodgigfopfnfiggdn [2014-03-21]
CHR Extension: (XML Tree) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbammbheopgpmaagmckhpjbfgdfkpadb [2014-03-21]
CHR Extension: (KustomNote) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbhnopbeccehmeofkcegmekomjhdenp [2014-09-04]
CHR Extension: (Save to Google Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-03-21]
CHR Extension: (Show Frame) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmgcfdnagjkihmgjhbiombjdcgckgnb [2014-11-23]
CHR Extension: (IE Tab) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-06-26]
CHR Extension: (Post to WordPress) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej [2014-09-04]
CHR Extension: (Google Keep - notes and lists) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-03-17]
CHR Extension: (Cool Clock) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce [2014-03-21]
CHR Extension: (Table Capture) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebpjdmgckacbodjpijphcplhebcmeop [2014-03-17]
CHR Extension: (ProxMate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-11-24]
CHR Extension: (Save this page with CleanSave) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplagehfoafmmjppeijnpkohihcllici [2014-09-04]
CHR Extension: (WordPress Plugin Sniffer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdmbobghippoogeagbcimaolcfbjoihk [2014-09-04]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2014-09-04]
CHR Extension: (Web Scraper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2014-03-17]
CHR Extension: (Speed Dial 2) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2014-09-04]
CHR Extension: (Open Frame) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhjgkkaacdhdioocfbpmhjidbinfajj [2014-11-23]
CHR Extension: (table to csv) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\khobgoemenoleeedfbilehnpoelmkbko [2014-03-17]
CHR Extension: (Mohiomap) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikkonmkmijjlbenemmnoakjmniihppj [2014-09-04]
CHR Extension: (Diigo Web) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf [2014-03-17]
CHR Extension: (The Great Suspender) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-03-17]
CHR Extension: (Auto HD For YouTube™) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-09-04]
CHR Extension: (Business Process Simulator) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagcfcefblfnmjkkkdekiidfefhgodmk [2014-09-04]
CHR Extension: (XPath) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbghbpofdlcecfbpjgmffnkieenjkboi [2014-09-04]
CHR Extension: (Text compare, Diff Tools for Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcdojpmjehlniamnglpjlldkoonlomb [2014-09-04]
CHR Extension: (rigrr) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkefodmoklnelkhifkakjlgncijfnnf [2014-03-21]
CHR Extension: (Quick Note) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-03-21]
CHR Extension: (GetThemAll Downloader) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2014-09-04]
CHR Extension: (Moqups · Mockups, Wireframes & Prototyping) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbhphohgafllkjnakmdppmmkjfbnke [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (DataMiner) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2014-03-21]
CHR Extension: (Mural.ly) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhlnnalackljjehlfocmheepffkiihf [2014-09-04]
CHR Extension: (CCTV View) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj [2014-03-17]
CHR Extension: (Enable the editor) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelggcmknbjmhkpgjfhakedcfnkgbdpg [2014-09-04]
CHR Extension: (ColorPick Eyedropper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2014-09-04]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2014-07-29]
CHR Extension: (Pomodoro) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\opodpodbjdmaealpookfkofenoboahfe [2014-03-21]
CHR Extension: (4chan Plus) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-09-04]
CHR Extension: (Evernote Web Clipper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-04]
CHR Extension: (Gmail) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-19] (Avast Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
S2 HPSLPSVC; C:\Users\GoodEnd\AppData\Local\Temp\7zS0742\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-19] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2013-02-20] (Intel Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-02-26] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 PORTMON; E:\PA\PortableApps\SysinternalsSuite 20150129\PORTMSYS.SYS [28656 2015-02-24] (Systems Internals) [File not signed]
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [37624 2015-02-25] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-19] (Avast Software)
S3 atikmdag; \SystemRoot\system32\DRIVERS\atikmdag.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdCameraProtect64.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]
S3 R300; \SystemRoot\system32\DRIVERS\atikmdag.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 01:46 - 2015-03-04 01:46 - 00002040 _____ () C:\Users\GoodEnd\Desktop\Remove Avira PC Cleaner.lnk
2015-03-04 01:46 - 2015-03-04 01:46 - 00001984 _____ () C:\Users\GoodEnd\Desktop\Avira PC Cleaner.lnk
2015-03-04 01:31 - 2015-03-04 01:31 - 00001259 _____ () C:\Users\GoodEnd\Desktop\FirefoxPortable.exe - Shortcut.lnk
2015-03-03 10:23 - 2015-03-03 10:23 - 00199300 _____ () C:\ProgramData\1425370791.bdinstall.bin
2015-03-03 10:21 - 2015-03-03 10:21 - 00002134 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-03-03 10:21 - 2015-03-03 10:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-03 10:21 - 2015-03-03 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-03-03 10:21 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-03-03 10:21 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-03-03 10:20 - 2015-03-03 10:21 - 00000000 ____D () C:\Program Files\Bitdefender
2015-03-03 10:20 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-03-03 10:20 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-03-03 09:53 - 2015-03-03 09:53 - 00000725 _____ () C:\Users\GoodEnd\Desktop\BitDefender_Antivirus_Free_Edition.exe - Shortcut.lnk
2015-03-03 07:57 - 2015-03-03 22:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48A01207.sys
2015-03-03 05:35 - 2015-03-03 09:22 - 00000000 ____D () C:\KVRT_Data
2015-03-02 12:48 - 2015-03-02 12:49 - 02209668 _____ () C:\Users\GoodEnd\Downloads\wsusoffline952.zip
2015-03-02 12:18 - 2015-03-02 12:23 - 00290194 _____ () C:\Users\GoodEnd\Desktop\GetSystemInfo_GOODEND-DELAZ_GoodEnd_2015_03_02_12_17_07.zip
2015-03-02 12:06 - 2015-03-02 12:06 - 00001500 _____ () C:\Users\GoodEnd\Desktop\w81update - Shortcut.lnk
2015-03-02 12:05 - 2015-03-02 12:05 - 00002132 _____ () C:\Users\GoodEnd\Desktop\Startup - Shortcut.lnk
2015-03-02 11:15 - 2015-03-02 11:15 - 00000658 _____ () C:\Users\GoodEnd\Desktop\batW8 - Shortcut.lnk
2015-03-02 10:40 - 2015-03-02 10:40 - 00137205 _____ () C:\Users\GoodEnd\Downloads\Microsoft posts tips for overcoming Windows 8.1 Update KB 2919355 errors _ InfoWorld.html
2015-03-01 16:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-01 09:46 - 2015-03-01 09:47 - 00294392 _____ () C:\Windows\Minidump\030115-45109-01.dmp
2015-03-01 09:46 - 2015-03-01 09:46 - 698376508 _____ () C:\Windows\MEMORY.DMP
2015-02-28 21:29 - 2015-02-28 21:29 - 00002259 _____ () C:\Windows\epplauncher.mif
2015-02-28 04:09 - 2015-02-28 04:09 - 00001333 _____ () C:\Users\GoodEnd\Desktop\Windows-KB890830-x64-V5.21.exe - Shortcut.lnk
2015-02-28 04:09 - 2015-02-28 04:09 - 00001189 _____ () C:\Users\GoodEnd\Desktop\MSEInstall.exe - Shortcut.lnk
2015-02-28 04:09 - 2015-02-28 04:09 - 00000881 _____ () C:\Users\GoodEnd\Desktop\1 - Shortcut.lnk
2015-02-27 16:25 - 2015-03-04 01:13 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\CrashDumps
2015-02-27 15:16 - 2015-02-27 15:16 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-26 00:53 - 2015-02-26 00:53 - 00000672 _____ () C:\Windows\system32\.crusader
2015-02-26 00:37 - 2015-02-26 00:37 - 00003306 _____ () C:\Windows\System32\Tasks\{E56DEC2B-5807-4F1C-930C-18F3FD91953C}
2015-02-26 00:31 - 2015-02-26 00:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-26 00:31 - 2015-02-26 00:31 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-26 00:19 - 2015-02-26 02:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-26 00:18 - 2015-02-26 02:09 - 00000000 ____D () C:\Users\GoodEnd\Desktop\mbar
2015-02-25 23:15 - 2015-03-04 04:49 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 23:15 - 2015-02-26 00:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 23:15 - 2015-02-25 23:15 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 23:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 23:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-25 22:13 - 2015-03-03 10:19 - 00000000 ____D () C:\Program Files\MozillaFFNightly
2015-02-25 22:10 - 2015-02-25 22:10 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-25 22:10 - 2015-02-25 22:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-25 21:31 - 2015-02-25 21:31 - 00001135 _____ () C:\Users\GoodEnd\Desktop\log - Shortcut.lnk
2015-02-25 12:39 - 2015-03-01 17:55 - 00003632 _____ () C:\Windows\PFRO.log
2015-02-25 11:46 - 2015-02-23 07:10 - 00001198 _____ () C:\Users\GoodEnd\Desktop\TEMP - Shortcut appdata local.lnk
2015-02-25 04:53 - 2015-02-25 04:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-25 04:45 - 2015-01-09 01:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 04:45 - 2015-01-09 01:52 - 00478296 _____ () C:\Windows\system32\locale.nls
2015-02-25 04:44 - 2015-01-09 08:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 04:44 - 2015-01-09 07:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-24 07:00 - 2015-02-24 07:00 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-24 06:58 - 2015-02-24 06:58 - 00470315 _____ () C:\Users\GoodEnd\AppData\Local\census.cache
2015-02-24 06:57 - 2015-02-24 06:57 - 00212796 _____ () C:\Users\GoodEnd\AppData\Local\ars.cache
2015-02-24 06:48 - 2015-02-24 18:58 - 00000010 _____ () C:\Users\GoodEnd\AppData\Local\sponge.last.runtime.cache
2015-02-24 06:38 - 2015-02-24 06:38 - 00000036 _____ () C:\Users\GoodEnd\AppData\Local\housecall.guid.cache
2015-02-24 05:53 - 2015-03-04 04:31 - 01294167 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 04:47 - 2015-03-04 01:59 - 00000000 ____D () C:\Users\GoodEnd\Desktop\_antivirus
2015-02-24 04:47 - 2015-03-01 16:24 - 05612482 ____R (Swearware) C:\Users\GoodEnd\Desktop\ComboFix.exe
2015-02-24 04:19 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-24 04:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-24 04:17 - 2015-03-01 17:40 - 00000000 ____D () C:\Qoobox
2015-02-24 04:14 - 2015-02-24 05:05 - 00000000 ____D () C:\Windows\erdnt
2015-02-24 03:50 - 2015-03-04 05:35 - 00000000 ____D () C:\FRST
2015-02-24 02:51 - 2015-03-03 10:21 - 00001209 _____ () C:\Windows\setupact.log
2015-02-24 02:51 - 2015-02-24 02:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-24 02:45 - 2015-02-24 02:45 - 00000776 _____ () C:\Users\GoodEnd\Desktop\PortableApps - Shortcut.lnk
2015-02-24 02:41 - 2015-02-24 02:41 - 00003122 _____ () C:\Windows\System32\Tasks\startupcleantemp
2015-02-24 02:38 - 2015-03-03 10:15 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupRem
2015-02-23 06:45 - 2015-02-28 22:27 - 00000000 ____D () C:\Windows\pss
2015-02-22 03:23 - 2015-02-22 03:23 - 00003770 _____ () C:\Users\GoodEnd\Documents\ForceSynchronizeTime.xml
2015-02-22 00:36 - 2015-02-22 00:36 - 00000902 _____ () C:\Users\GoodEnd\Downloads\_codeplex.com - Shortcut.lnk
2015-02-21 17:55 - 2015-02-21 17:59 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_ideas
2015-02-21 01:18 - 2015-02-21 01:18 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_hardware
2015-02-20 21:37 - 2015-02-20 21:37 - 00001061 _____ () C:\Users\GoodEnd\Desktop\lie to me s01 02 03- - Shortcut.lnk
2015-02-20 05:50 - 2015-02-21 19:09 - 00000197 _____ () C:\Windows\system32\2015-02-20-03-50-41.093-AvastVBoxSVC.exe-4652.log
2015-02-20 04:01 - 2014-04-16 20:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-02-20 04:00 - 2014-04-16 20:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-02-20 03:08 - 2015-02-20 04:00 - 00003408 _____ () C:\Windows\System32\Tasks\BASIC TASK daily routine
2015-02-20 03:02 - 2015-02-20 04:06 - 00000610 _____ () C:\Users\GoodEnd\Documents\daily.txt
2015-02-18 12:25 - 2015-02-18 12:25 - 00001160 _____ () C:\Users\GoodEnd\Desktop\VP Suite 5.0 - Shortcut.lnk
2015-02-18 12:25 - 2015-02-18 12:25 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-25-42.081-aswFe.exe-6800.log
2015-02-18 12:21 - 2015-02-18 12:25 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-21-58.095-aswFe.exe-5904.log
2015-02-18 12:21 - 2015-02-18 12:21 - 00000197 _____ () C:\Windows\system32\2015-02-18-10-21-57.074-AvastVBoxSVC.exe-6716.log
2015-02-18 12:14 - 2015-02-18 12:14 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-14-03.077-aswFe.exe-6884.log
2015-02-18 12:14 - 2015-02-18 12:14 - 00000197 _____ () C:\Windows\system32\2015-02-18-10-14-01.051-AvastVBoxSVC.exe-3600.log
2015-02-18 11:59 - 2015-02-18 12:01 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-59-36.088-AvastVBoxSVC.exe-2304.log
2015-02-15 21:06 - 2015-02-15 21:06 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\www.shadowexplorer.com
2015-02-14 18:50 - 2015-02-14 18:50 - 00000000 ____D () C:\Users\GoodEnd\Documents\MEGAsync
2015-02-14 18:48 - 2015-02-14 18:48 - 00000760 _____ () C:\Users\Public\Desktop\MEGAsync.lnk
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Mega Limited
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\ProgramData\MEGAsync
2015-02-14 00:18 - 2015-01-23 07:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 00:18 - 2015-01-23 06:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 10:31 - 2015-01-29 10:30 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2015-02-11 10:31 - 2015-01-29 10:30 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2015-02-11 10:31 - 2015-01-29 10:30 - 00011056 _____ () C:\Windows\system32\AutoconfigV2.cab
2015-02-11 10:31 - 2015-01-29 10:05 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-02-11 10:31 - 2015-01-29 10:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 10:31 - 2015-01-29 08:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-02-11 10:31 - 2015-01-29 08:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 10:31 - 2015-01-15 13:44 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-02-11 10:31 - 2015-01-15 13:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-02-11 10:31 - 2015-01-15 13:43 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 10:31 - 2015-01-15 12:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-02-11 10:31 - 2015-01-15 12:00 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-02-11 10:31 - 2015-01-15 11:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 10:31 - 2015-01-15 11:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 10:31 - 2015-01-15 06:08 - 00568656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 10:31 - 2015-01-09 06:33 - 04061696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 10:30 - 2015-01-12 08:49 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 10:30 - 2015-01-12 08:49 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 10:30 - 2015-01-12 08:49 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-02-11 10:30 - 2015-01-12 08:49 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 10:30 - 2015-01-12 08:48 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 10:30 - 2015-01-12 08:48 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 10:30 - 2015-01-12 08:46 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 10:30 - 2015-01-12 07:07 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 10:30 - 2015-01-12 07:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 10:30 - 2015-01-12 07:07 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 10:30 - 2015-01-12 06:16 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 10:30 - 2015-01-12 05:46 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 10:29 - 2015-01-12 08:49 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 10:29 - 2015-01-12 07:07 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 10:29 - 2014-12-18 10:51 - 00096576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-02-11 10:29 - 2014-12-18 08:52 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-02-11 10:29 - 2014-12-18 08:51 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-02-11 10:29 - 2014-12-18 08:50 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-02-11 10:29 - 2014-12-18 08:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-02-11 10:29 - 2014-12-09 01:14 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 10:29 - 2014-12-08 08:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 10:29 - 2014-12-08 07:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 10:29 - 2014-11-26 08:43 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 10:29 - 2014-11-26 06:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 10:28 - 2015-01-15 23:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 05:29 - 2014-11-03 17:15 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Listary
2015-03-04 05:24 - 2014-02-27 13:51 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA.job
2015-03-04 05:04 - 2014-03-06 13:24 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 05:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-04 04:56 - 2014-03-04 22:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 04:06 - 2014-02-28 00:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Mozilla
2015-03-04 03:50 - 2014-03-09 20:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-04 03:49 - 2014-08-09 03:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-04 03:49 - 2014-03-06 13:24 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 03:48 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 01:52 - 2012-07-26 09:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-04 01:08 - 2014-03-30 15:54 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3A9EC9E2-1ACB-42F3-A8C9-A4E462E25A3F}
2015-03-03 10:20 - 2014-03-09 05:17 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\QuickScan
2015-03-03 09:54 - 2014-12-04 02:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-03 09:23 - 2014-11-13 22:14 - 00002383 _____ () C:\Users\GoodEnd\Desktop\Google Chrome.lnk
2015-03-03 09:23 - 2014-03-04 06:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-03 08:51 - 2013-09-22 03:34 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_software
2015-03-03 07:38 - 2013-09-27 02:15 - 00000000 ____D () C:\batW8
2015-03-03 05:35 - 2014-08-16 20:14 - 00007613 _____ () C:\Users\GoodEnd\AppData\Local\Resmon.ResmonCfg
2015-03-03 02:14 - 2014-10-18 13:56 - 00448784 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-02 17:24 - 2014-02-27 13:51 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core.job
2015-03-02 12:39 - 2014-08-20 19:27 - 00438272 ___SH () C:\Users\GoodEnd\Desktop\Thumbs.db
2015-03-01 17:54 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-01 17:35 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2015-03-01 09:46 - 2014-03-17 05:00 - 00000000 ____D () C:\Windows\Minidump
2015-02-28 04:06 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Dropbox
2015-02-27 16:32 - 2014-05-25 15:27 - 00000000 ___RD () C:\Users\GoodEnd\Dropbox
2015-02-27 16:28 - 2014-08-15 01:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-27 15:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\schemas
2015-02-26 21:02 - 2014-06-30 18:43 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Skype
2015-02-26 02:10 - 2014-09-24 22:05 - 00000000 ____D () C:\Users\GoodEnd\Documents\Outlook Files
2015-02-26 00:38 - 2014-09-06 16:04 - 00000000 ____D () C:\logs_az
2015-02-26 00:37 - 2014-02-25 17:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Deployment
2015-02-26 00:37 - 2014-02-25 17:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Apps\2.0
2015-02-26 00:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\addins
2015-02-25 23:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Registration
2015-02-25 23:14 - 2014-08-23 10:37 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\UpdaterService
2015-02-25 12:52 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-25 12:23 - 2014-02-26 15:57 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Citrix
2015-02-24 22:46 - 2014-02-25 14:59 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-523973353-2006286681-1537153563-1001
2015-02-24 05:53 - 2014-02-25 14:44 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2015-02-24 05:12 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2015-02-24 02:52 - 2014-08-10 10:14 - 00002222 _____ () C:\Windows\diagwrn.xml
2015-02-24 02:52 - 2014-08-10 10:14 - 00001908 _____ () C:\Windows\diagerr.xml
2015-02-23 05:47 - 2014-02-25 14:50 - 00000000 ____D () C:\Users\GoodEnd
2015-02-22 17:53 - 2014-09-16 15:51 - 00000000 ____D () C:\MyWget
2015-02-20 12:27 - 2014-12-16 08:55 - 00000000 ____D () C:\Users\GoodEnd\vpworkspace40
2015-02-20 03:02 - 2014-11-11 23:11 - 00328192 ___SH () C:\Users\GoodEnd\Documents\Thumbs.db
2015-02-20 01:06 - 2014-11-26 00:12 - 00000000 ____D () C:\Users\GoodEnd\Documents\VPProjects
2015-02-19 22:57 - 2014-11-26 00:11 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\VisualParadigm
2015-02-17 08:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-15 04:20 - 2014-11-17 23:36 - 00000000 ____D () C:\Windows\rescache
2015-02-14 00:06 - 2014-04-25 14:49 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\IE Tab
2015-02-13 23:31 - 2014-08-20 20:05 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 23:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2015-02-13 23:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 18:43 - 2014-11-07 11:50 - 00000000 ____D () C:\Users\GoodEnd\Downloads\NTAKD specifikacija
2015-02-11 18:38 - 2014-12-16 08:52 - 00000000 ____D () C:\Program Files (x86)\VP Suite 5.0
2015-02-11 18:38 - 2014-12-16 08:14 - 00000133 _____ () C:\Users\GoodEnd\.vpinstall.properties
2015-02-11 11:24 - 2014-02-26 04:30 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 11:23 - 2014-02-26 07:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 11:23 - 2012-07-26 07:26 - 00000269 _____ () C:\Windows\win.ini
2015-02-11 11:20 - 2014-02-26 00:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-05 17:19 - 2014-02-27 13:51 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA
2015-02-05 17:19 - 2014-02-27 13:51 - 00003526 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core
2015-02-04 21:59 - 2014-03-06 13:24 - 00003906 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 21:59 - 2014-03-06 13:24 - 00003670 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 20:56 - 2014-03-04 22:38 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 21:29 - 2014-12-12 15:23 - 00714184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 21:29 - 2014-12-12 15:23 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-02-24 06:57 - 2015-02-24 06:57 - 0212796 _____ () C:\Users\GoodEnd\AppData\Local\ars.cache
2015-02-24 06:58 - 2015-02-24 06:58 - 0470315 _____ () C:\Users\GoodEnd\AppData\Local\census.cache
2015-02-24 06:38 - 2015-02-24 06:38 - 0000036 _____ () C:\Users\GoodEnd\AppData\Local\housecall.guid.cache
2014-04-16 13:34 - 2014-04-16 13:34 - 0000728 _____ () C:\Users\GoodEnd\AppData\Local\recently-used.xbel
2014-08-16 20:14 - 2015-03-03 05:35 - 0007613 _____ () C:\Users\GoodEnd\AppData\Local\Resmon.ResmonCfg
2015-02-24 06:48 - 2015-02-24 18:58 - 0000010 _____ () C:\Users\GoodEnd\AppData\Local\sponge.last.runtime.cache
2014-12-22 08:07 - 2014-12-22 12:46 - 0620099 _____ () C:\Users\GoodEnd\AppData\Local\TempImage.png
2015-03-03 10:23 - 2015-03-03 10:23 - 0199300 _____ () C:\ProgramData\1425370791.bdinstall.bin

Files to move or delete:
====================
C:\Users\GoodEnd\pdfeditor.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-02 03:33

==================== End Of Log ============================


#2 nasdaq

  • Malware Response Team

Posted 07 March 2015 - 10:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF user.js: detected! => C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\user.js
FF Extension: {e621d201-3005-463f-b8e2-4d12b385773f} - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{e621d201-3005-463f-b8e2-4d12b385773f}.xpi [2014-12-15]
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1418982105&from=free&uid=SAMSUNGXHN-M500MBB_S2R7J1DB701610
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]
S2 HPSLPSVC; C:\Users\GoodEnd\AppData\Local\Temp\7zS0742\hpslpsvc64.dll [X]
S3 atikmdag; \SystemRoot\system32\DRIVERS\atikmdag.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdCameraProtect64.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]
S3 R300; \SystemRoot\system32\DRIVERS\atikmdag.sys [X][/B]
C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{e621d201-3005-463f-b8e2-4d12b385773f}.xpi 
Task: {DA8E1F10-6CF1-421C-8E6B-5052ADB156AD} - \FSSUpdaterService No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:A5C00DEE

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists continue with this scan.


--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

How is the computer running now?

#3 goodend

  • Topic Starter

Posted 08 March 2015 - 01:23 AM

Hello nasdaq,

Thank you for the reply.

To be sure, I applied the 2 steps you proposed:

1. FRST fix

2. RogueKiller

I see that some stuff remains:

...\aswWebRepChrome.crx" => File could not move

- should I remove it manually?

Both reports are attached below.

So far, so good; it seems to be fixed.

I appreciate your help.

Kindest regards,

goodend

***********************************************************************

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by GoodEnd at 2015-03-07 19:48:01 Run:2
Running from C:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool
Loaded Profiles: GoodEnd (Available profiles: GoodEnd & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF user.js: detected! => C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\user.js
FF Extension: {e621d201-3005-463f-b8e2-4d12b385773f} - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{e621d201-3005-463f-b8e2-4d12b385773f}.xpi [2014-12-15]
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1418982105&from=free&uid=SAMSUNGXHN-M500MBB_S2R7J1DB701610
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-19]
S2 HPSLPSVC; C:\Users\GoodEnd\AppData\Local\Temp\7zS0742\hpslpsvc64.dll [X]
S3 atikmdag; \SystemRoot\system32\DRIVERS\atikmdag.sys [X]
S3 BdCameraProtect; \??\C:\Program Files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu Antivirus\BdCameraProtect64.sys [X]
S1 Bfilter; \??\C:\Windows\System32\drivers\Bfilter.sys [X]
S1 Bfmon; \??\C:\Windows\System32\drivers\Bfmon.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
S1 Bndef; \??\C:\Windows\System32\drivers\bndef64.sys [X]
S1 Bprotect; \??\C:\Windows\System32\drivers\Bprotect.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]
S3 R300; \SystemRoot\system32\DRIVERS\atikmdag.sys [X][/B]
C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{e621d201-3005-463f-b8e2-4d12b385773f}.xpi
Task: {DA8E1F10-6CF1-421C-8E6B-5052ADB156AD} - \FSSUpdaterService No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:A5C00DEE

End
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
"HKU\S-1-5-21-523973353-2006286681-1537153563-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
FF user.js: detected! => C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\user.js not found.
C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{e621d201-3005-463f-b8e2-4d12b385773f}.xpi => Moved successfully.
Chrome HomePage deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
HPSLPSVC => Service deleted successfully.
atikmdag => Service deleted successfully.
BdCameraProtect => Service deleted successfully.
Bfilter => Service deleted successfully.
Bfmon => Service deleted successfully.
Bnbase => Service deleted successfully.
Bndef => Service deleted successfully.
Bprotect => Service deleted successfully.
catchme => Service deleted successfully.
ew_hwusbdev => Service deleted successfully.
ew_usbenumfilter => Service deleted successfully.
huawei_cdcacm => Service deleted successfully.
huawei_enumerator => Service deleted successfully.
huawei_ext_ctrl => Service deleted successfully.
huawei_wwanecm => Service deleted successfully.
R300 => Service deleted successfully.
"C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{e621d201-3005-463f-b8e2-4d12b385773f}.xpi" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA8E1F10-6CF1-421C-8E6B-5052ADB156AD} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FSSUpdaterService => Key not found.
C:\ProgramData\TEMP => ":A5C00DEE" ADS removed successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-07 19:52:48)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.

==== End of Fixlog 19:52:49 ====

 

***********************************************************************

RogueKiller V10.5.1.0 (x64) [Mar  5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : GoodEnd [Administrator]
Started from : C:\Users\GoodEnd\Desktop\_antivirus\RogueKillerX64\RogueKillerX64.exe
Mode : Delete -- Date : 03/07/2015  23:34:29

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 23 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet001\Services\LogWatch -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet002\Services\LogWatch -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet003\Services\LogWatch -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 80.240.0.2 212.59.1.1 [LITHUANIA (LT)][LITHUANIA (LT)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 80.240.0.2 212.59.1.1 [LITHUANIA (LT)][LITHUANIA (LT)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 80.240.0.2 212.59.1.1 [LITHUANIA (LT)][LITHUANIA (LT)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet001\Services\Tcpip\Parameters\Interfaces\{538B90DA-657C-4D75-BB86-9BEB08E64413} | DhcpNameServer : 194.176.32.142 194.176.32.163 [LITHUANIA (LT)][LITHUANIA (LT)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet001\Services\Tcpip\Parameters\Interfaces\{923C18E9-2A33-4A57-BA57-A197404E1EBF} | DhcpNameServer : 80.240.0.2 212.59.1.1 [LITHUANIA (LT)][LITHUANIA (LT)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E5423456-9138-4CAA-A449-E53EADB2AC87} | DhcpNameServer : 80.240.0.2 212.59.1.1 [LITHUANIA (LT)][LITHUANIA (LT)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet002\Services\Tcpip\Parameters\Interfaces\{538B90DA-657C-4D75-BB86-9BEB08E64413} | DhcpNameServer : 194.176.32.142 194.176.32.163 [LITHUANIA (LT)][LITHUANIA (LT)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet002\Services\Tcpip\Parameters\Interfaces\{923C18E9-2A33-4A57-BA57-A197404E1EBF} | DhcpNameServer : 80.240.0.2 212.59.1.1 [LITHUANIA (LT)][LITHUANIA (LT)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet003\Services\Tcpip\Parameters\Interfaces\{538B90DA-657C-4D75-BB86-9BEB08E64413} | DhcpNameServer : 194.176.32.142 194.176.32.163 [LITHUANIA (LT)][LITHUANIA (LT)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_07C3\ControlSet003\Services\Tcpip\Parameters\Interfaces\{923C18E9-2A33-4A57-BA57-A197404E1EBF} | DhcpNameServer : 80.240.0.2 212.59.1.1 [LITHUANIA (LT)][LITHUANIA (LT)]  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_GoodEnd_ON_D_9F3E\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\RK_GoodEnd_ON_D_9F3E\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_BA80\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_BA80\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_BA80\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_BA80\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HN-M500MBB +++++
--- User ---
[MBR] f0f959969a2fe54fc06e9cd53547fd9f
[BSP] 0792dee2df51ac413e9301b70fbfe967 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 4096 | Size: 150000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 307204096 | Size: 118780 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 648110296 | Size: 160477 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 550467225 | Size: 47677 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_02252015_230719.log - RKreport_SCN_02252015_222413.log - RKreport_SCN_03072015_201528.log



#4 goodend

  • Topic Starter

Posted 08 March 2015 - 03:26 AM

Hello again, nasdaq,

Unfortunately, the unwanted activity of some process started again at 10:00 local time.

Please find the FRST reports attached.

***************************************************************

FRST.txt

***************************************************************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by GoodEnd (administrator) on GOODEND-DELAZ on 08-03-2015 11:06:45
Running from C:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool
Loaded Profiles: GoodEnd (Available profiles: GoodEnd & Guest)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(PortableApps.com) E:\PA\PortableApps\PortableApps.com\PortableAppsPlatform.exe
() E:\PA\PortableApps\Launchy\Launchy.exe
(PortableApps.com) E:\PA\PortableApps\ListaryPortable\ListaryPortable.exe
(Bopsoft) E:\PA\PortableApps\ListaryPortable\App\Listary\X64\Listary.exe
() E:\PA\PortableApps\ListaryPortable\App\Listary\X64\Listary32helper.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(PortableApps.com) E:\PA\PortableApps\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) E:\PA\PortableApps\FirefoxPortable\App\Firefox\firefox.exe
(Mozilla Corporation) E:\PA\PortableApps\FirefoxPortable\App\Firefox\plugin-container.exe
(Google) C:\Users\GoodEnd\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-09-16] (Intel Corporation)
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [5564104 2014-09-05] (Kakao Inc.)
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1300288 2015-03-02] (Lavasoft)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()
BootExecute: ampa

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-19] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-19] (AVAST Software)
BHO-x32: Diigo Single Button Helper -> {B3BA3FC4-8D87-4B89-B2B1-7BEE62D1D324} -> C:\Program Files (x86)\Diigo.inc\Diigo Single Button\DiigoSingleButton.dll [2013-03-20] (Diigo.inc)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Tcpip\..\Interfaces\{50B1214A-DFB3-4B11-AED1-58731002F4A1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D101DAE4-B7C3-4BF5-91B2-8A7F85D09999}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-31] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-31] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @citrixonline.com/appdetectorplugin -> C:\Users\GoodEnd\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\GoodEnd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @talk.google.com/O1DPlugin -> C:\Users\GoodEnd\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @tools.google.com/Google Update;version=3 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @tools.google.com/Google Update;version=9 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-09-25] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Extension: Customize Your Web - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\customizeyourweb@mouseless.de [2014-12-13]
FF Extension: DevSearch - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\devsearch@penzil.com [2014-12-13]
FF Extension: DOM Inspector Plus! [dm] - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\inspector-dp@mozilla.org [2015-03-04]
FF Extension: DOM Inspector - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\inspector@mozilla.org [2014-12-16]
FF Extension: Tab Groups Helper - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabgroupshelper@kevinallasso.org [2015-01-25]
FF Extension: TableTools2 - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabletools2@mingyi.org [2014-12-13]
FF Extension: YouTube Unblocker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\youtubeunblocker@unblocker.yt [2014-12-15]
FF Extension: Liquid Words - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{9A752782-D706-479b-98F8-3F66BF921692} [2014-12-13]
FF Extension: Diigo Toolbar - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2014-08-19]
FF Extension: Autofill Forms - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\autofillForms@blueimp.net.xpi [2014-12-12]
FF Extension: Firebug - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\firebug@software.joehewitt.com.xpi [2014-12-13]
FF Extension: Firefinder for Firebug - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\firefinder@robertnyman.com.xpi [2014-12-13]
FF Extension: FirePath - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\FireXPath@pierre.tholence.com.xpi [2014-12-13]
FF Extension: HeadingsMap - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\headings@niquelheadings.net.xpi [2014-12-13]
FF Extension: ProxTube - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\ich@maltegoetz.de.xpi [2014-12-15]
FF Extension: Google search link fix - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2014-12-15]
FF Extension: Lightbeam - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-12-11]
FF Extension: Official My JDownloader Add-On - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2014-09-04]
FF Extension: Tab Counter - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabcounter@morac.xpi [2015-02-12]
FF Extension: UploadScreenshot.com Capture - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\uss-button@uploadscreenshot.com.xpi [2014-12-11]
FF Extension: xpath finder - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\xpath_finder@xpath_finder.com.xpi [2014-12-13]
FF Extension: Resurrect Pages - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2014-12-13]
FF Extension: Clean Links - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-12-15]
FF Extension: xpathprototyping - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{15b08099-6b77-43bc-8e70-69b85eeef09d}.xpi [2014-12-13]
FF Extension: XmlUtils - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{2fb6bf28-e829-4804-ab69-3bdb7d5fa997}.xpi [2014-12-13]
FF Extension: LinkWalker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{398BEB7C-752C-4378-87EA-D775CE1FD9B9}.xpi [2014-12-13]
FF Extension: XPath Checker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537}.xpi [2014-12-13]
FF Extension: QuickTime Plugin - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{85c379fe-b97f-4ae6-88f9-4086c494b77e}.xpi [2014-12-21]
FF Extension: Adblock Plus - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-09]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\MozillaFFNightly\firefox.exe

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bitford) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\agjcpjkkccmhfopfciohkkfolnjbbdoh [2014-09-04]
CHR Extension: (Regex Scraper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjalgjglcdpomokfhgcmononebebioc [2014-03-17]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-07-29]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-03-21]
CHR Extension: (Google Docs) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (CSS Selector Tester) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbklnaodgoocmcdejoalmbjihhdkbfon [2014-09-04]
CHR Extension: (Table2CSV) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjpegmibcoolkaoloohgjcagfhifiah [2014-03-21]
CHR Extension: (Warehouse) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmlfjedmpigingginfielgaemionchf [2014-03-17]
CHR Extension: (Designer Tools) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\begphfmcgdepfkoofbpkfcnimdeocadd [2014-09-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Web Developer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-09-04]
CHR Extension: (ColorZilla) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2014-09-04]
CHR Extension: (Cloud Kite) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\biagdapeolcddppdgcocjkdjfhlodegf [2014-09-04]
CHR Extension: (MEGA) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-05-12]
CHR Extension: (YouTube) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Strict Workflow) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2014-03-21]
CHR Extension: (Maestro BPM) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\chldapjgnddmiimikjihplihdggkmhmm [2014-09-04]
CHR Extension: (OneTab) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-09-04]
CHR Extension: (Adblock for Youtube™) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-04]
CHR Extension: (RegExp Tester App) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmmblmkfaijaadfjapjddbeaoffeccib [2014-03-17]
CHR Extension: (Google Search) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Snip to drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfklphbiceofdlbejbgglhdgdajliphg [2014-03-21]
CHR Extension: (Remove Google Redirection) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhjklgpiifbofihffldllbcopkinlod [2014-11-18]
CHR Extension: (Session Buddy) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-09-04]
CHR Extension: (Table-of-contents-crx) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeknhipceeelbgdbcmchicoaoalfdnhi [2014-03-21]
CHR Extension: (XV — XML Viewer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocglpgjdpaefaedpblffpeebgmgddk [2014-03-17]
CHR Extension: (Tabs Outliner) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2014-03-21]
CHR Extension: (Morphine) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2014-03-21]
CHR Extension: (Page Code Reverser) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\feobacmbekoonbggodgigfopfnfiggdn [2014-03-21]
CHR Extension: (XML Tree) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbammbheopgpmaagmckhpjbfgdfkpadb [2014-03-21]
CHR Extension: (KustomNote) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbhnopbeccehmeofkcegmekomjhdenp [2014-09-04]
CHR Extension: (Save to Google Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-03-21]
CHR Extension: (Show Frame) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmgcfdnagjkihmgjhbiombjdcgckgnb [2014-11-23]
CHR Extension: (IE Tab) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-06-26]
CHR Extension: (Post to WordPress) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej [2014-09-04]
CHR Extension: (Google Keep - notes and lists) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-03-17]
CHR Extension: (Cool Clock) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce [2014-03-21]
CHR Extension: (Table Capture) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebpjdmgckacbodjpijphcplhebcmeop [2014-03-17]
CHR Extension: (ProxMate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-11-24]
CHR Extension: (Save this page with CleanSave) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplagehfoafmmjppeijnpkohihcllici [2014-09-04]
CHR Extension: (WordPress Plugin Sniffer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdmbobghippoogeagbcimaolcfbjoihk [2014-09-04]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2014-09-04]
CHR Extension: (Web Scraper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2014-03-17]
CHR Extension: (Open Frame) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhjgkkaacdhdioocfbpmhjidbinfajj [2014-11-23]
CHR Extension: (table to csv) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\khobgoemenoleeedfbilehnpoelmkbko [2014-03-17]
CHR Extension: (Mohiomap) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikkonmkmijjlbenemmnoakjmniihppj [2014-09-04]
CHR Extension: (Diigo Web) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf [2014-03-17]
CHR Extension: (The Great Suspender) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-03-17]
CHR Extension: (Auto HD For YouTube™) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-09-04]
CHR Extension: (Business Process Simulator) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagcfcefblfnmjkkkdekiidfefhgodmk [2014-09-04]
CHR Extension: (XPath) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbghbpofdlcecfbpjgmffnkieenjkboi [2014-09-04]
CHR Extension: (Text compare, Diff Tools for Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcdojpmjehlniamnglpjlldkoonlomb [2014-09-04]
CHR Extension: (rigrr) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkefodmoklnelkhifkakjlgncijfnnf [2014-03-21]
CHR Extension: (Quick Note) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-03-21]
CHR Extension: (GetThemAll Downloader) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2014-09-04]
CHR Extension: (Moqups · Mockups, Wireframes & Prototyping) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbhphohgafllkjnakmdppmmkjfbnke [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (DataMiner) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2014-03-21]
CHR Extension: (Mural.ly) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhlnnalackljjehlfocmheepffkiihf [2014-09-04]
CHR Extension: (CCTV View) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj [2014-03-17]
CHR Extension: (ColorPick Eyedropper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2014-09-04]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2014-07-29]
CHR Extension: (Pomodoro) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\opodpodbjdmaealpookfkofenoboahfe [2014-03-21]
CHR Extension: (4chan Plus) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-09-04]
CHR Extension: (Evernote Web Clipper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-04]
CHR Extension: (Gmail) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-19] (Avast Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-02] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-02] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-19] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2013-02-20] (Intel Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-02-26] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 PORTMON; E:\PA\PortableApps\SysinternalsSuite 20150129\PORTMSYS.SYS [28656 2015-02-24] (Systems Internals) [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-19] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 19:01 - 2015-03-07 19:01 - 00031744 ___SH () C:\Users\GoodEnd\AppData\Local\Thumbs.db
2015-03-07 18:23 - 2015-03-07 18:23 - 00000837 _____ () C:\Users\GoodEnd\Desktop\_0 DD dirbama dabar - Shortcut.lnk
2015-03-05 08:24 - 2015-03-07 19:34 - 00003876 _____ () C:\Windows\System32\Tasks\BASICTASKAZ periodicaly clean temp
2015-03-05 04:50 - 2015-03-05 04:50 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\LavasoftStatistics
2015-03-05 04:49 - 2015-03-05 04:49 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Lavasoft
2015-03-05 04:49 - 2015-03-05 04:49 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-03-05 04:49 - 2015-03-02 18:02 - 00372248 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-03-05 04:49 - 2015-03-02 18:02 - 00325944 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-03-05 04:48 - 2015-03-07 19:52 - 00002283 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-03-05 04:48 - 2015-03-05 05:50 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Lavasoft
2015-03-05 04:48 - 2015-03-05 04:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-03-05 04:47 - 2015-03-05 04:47 - 00000000 ____D () C:\Program Files\Lavasoft
2015-03-05 04:45 - 2015-03-05 04:45 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-03-04 10:16 - 2015-03-04 20:33 - 00000000 ____D () C:\AdwCleaner
2015-03-04 09:50 - 2015-03-05 04:48 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-03-03 10:23 - 2015-03-03 10:23 - 00199300 _____ () C:\ProgramData\1425370791.bdinstall.bin
2015-03-03 10:21 - 2015-03-03 10:21 - 00002134 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-03-03 10:21 - 2015-03-03 10:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-03 10:21 - 2015-03-03 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-03-03 10:21 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-03-03 10:21 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-03-03 10:20 - 2015-03-03 10:21 - 00000000 ____D () C:\Program Files\Bitdefender
2015-03-03 10:20 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-03-03 10:20 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-03-03 10:18 - 2015-03-03 10:19 - 00000000 ____D () C:\Program Files\MozillaFFNightly
2015-03-03 07:57 - 2015-03-03 22:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48A01207.sys
2015-03-03 05:35 - 2015-03-03 09:22 - 00000000 ____D () C:\KVRT_Data
2015-03-02 12:48 - 2015-03-02 12:49 - 02209668 _____ () C:\Users\GoodEnd\Downloads\wsusoffline952.zip
2015-03-02 10:40 - 2015-03-02 10:40 - 00137205 _____ () C:\Users\GoodEnd\Downloads\Microsoft posts tips for overcoming Windows 8.1 Update KB 2919355 errors _ InfoWorld.html
2015-03-01 16:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-01 09:46 - 2015-03-01 09:47 - 00294392 _____ () C:\Windows\Minidump\030115-45109-01.dmp
2015-03-01 09:46 - 2015-03-01 09:46 - 698376508 _____ () C:\Windows\MEMORY.DMP
2015-02-28 21:29 - 2015-02-28 21:29 - 00002259 _____ () C:\Windows\epplauncher.mif
2015-02-27 16:25 - 2015-03-08 10:36 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\CrashDumps
2015-02-27 15:16 - 2015-02-27 15:16 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-26 00:53 - 2015-02-26 00:53 - 00000672 _____ () C:\Windows\system32\.crusader
2015-02-26 00:37 - 2015-02-26 00:37 - 00003306 _____ () C:\Windows\System32\Tasks\{E56DEC2B-5807-4F1C-930C-18F3FD91953C}
2015-02-26 00:31 - 2015-02-26 00:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-26 00:31 - 2015-02-26 00:31 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-26 00:19 - 2015-02-26 02:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-26 00:18 - 2015-02-26 02:09 - 00000000 ____D () C:\Users\GoodEnd\Desktop\mbar
2015-02-25 23:15 - 2015-03-08 10:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 23:15 - 2015-02-26 00:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 23:15 - 2015-02-25 23:15 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 23:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 23:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-25 22:10 - 2015-03-07 19:54 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-25 22:10 - 2015-02-25 22:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-25 12:39 - 2015-03-05 05:44 - 00003996 _____ () C:\Windows\PFRO.log
2015-02-25 04:53 - 2015-02-25 04:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-25 04:45 - 2015-01-09 01:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 04:45 - 2015-01-09 01:52 - 00478296 _____ () C:\Windows\system32\locale.nls
2015-02-25 04:44 - 2015-01-09 08:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 04:44 - 2015-01-09 07:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-24 07:00 - 2015-02-24 07:00 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-24 06:58 - 2015-02-24 06:58 - 00470315 _____ () C:\Users\GoodEnd\AppData\Local\census.cache
2015-02-24 06:57 - 2015-02-24 06:57 - 00212796 _____ () C:\Users\GoodEnd\AppData\Local\ars.cache
2015-02-24 06:48 - 2015-02-24 18:58 - 00000010 _____ () C:\Users\GoodEnd\AppData\Local\sponge.last.runtime.cache
2015-02-24 06:38 - 2015-02-24 06:38 - 00000036 _____ () C:\Users\GoodEnd\AppData\Local\housecall.guid.cache
2015-02-24 05:53 - 2015-03-08 04:45 - 01678545 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 04:47 - 2015-03-07 17:02 - 00000000 ____D () C:\Users\GoodEnd\Desktop\_antivirus
2015-02-24 04:47 - 2015-03-01 16:24 - 05612482 ____R (Swearware) C:\Users\GoodEnd\Desktop\ComboFix.exe
2015-02-24 04:19 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-24 04:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-24 04:17 - 2015-03-01 17:40 - 00000000 ____D () C:\Qoobox
2015-02-24 04:14 - 2015-02-24 05:05 - 00000000 ____D () C:\Windows\erdnt
2015-02-24 03:50 - 2015-03-08 11:07 - 00000000 ____D () C:\FRST
2015-02-24 02:51 - 2015-03-03 10:21 - 00001209 _____ () C:\Windows\setupact.log
2015-02-24 02:51 - 2015-02-24 02:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-24 02:41 - 2015-03-07 18:13 - 00003124 _____ () C:\Windows\System32\Tasks\startupcleantemp
2015-02-24 02:38 - 2015-03-03 10:15 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupRem
2015-02-23 06:45 - 2015-02-28 22:27 - 00000000 ____D () C:\Windows\pss
2015-02-22 03:23 - 2015-02-22 03:23 - 00003770 _____ () C:\Users\GoodEnd\Documents\ForceSynchronizeTime.xml
2015-02-22 00:36 - 2015-02-22 00:36 - 00000902 _____ () C:\Users\GoodEnd\Downloads\_codeplex.com - Shortcut.lnk
2015-02-21 17:55 - 2015-02-21 17:59 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_ideas
2015-02-21 01:18 - 2015-02-21 01:18 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_hardware
2015-02-20 05:50 - 2015-02-21 19:09 - 00000197 _____ () C:\Windows\system32\2015-02-20-03-50-41.093-AvastVBoxSVC.exe-4652.log
2015-02-20 04:01 - 2014-04-16 20:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-02-20 04:00 - 2014-04-16 20:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-02-20 03:08 - 2015-02-20 04:00 - 00003408 _____ () C:\Windows\System32\Tasks\BASIC TASK daily routine
2015-02-20 03:02 - 2015-02-20 04:06 - 00000610 _____ () C:\Users\GoodEnd\Documents\daily.txt
2015-02-18 12:25 - 2015-02-18 12:25 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-25-42.081-aswFe.exe-6800.log
2015-02-18 12:21 - 2015-02-18 12:25 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-21-58.095-aswFe.exe-5904.log
2015-02-18 12:21 - 2015-02-18 12:21 - 00000197 _____ () C:\Windows\system32\2015-02-18-10-21-57.074-AvastVBoxSVC.exe-6716.log
2015-02-18 12:14 - 2015-02-18 12:14 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-14-03.077-aswFe.exe-6884.log
2015-02-18 12:14 - 2015-02-18 12:14 - 00000197 _____ () C:\Windows\system32\2015-02-18-10-14-01.051-AvastVBoxSVC.exe-3600.log
2015-02-18 11:59 - 2015-02-18 12:01 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-59-36.088-AvastVBoxSVC.exe-2304.log
2015-02-15 21:06 - 2015-02-15 21:06 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\www.shadowexplorer.com
2015-02-14 18:50 - 2015-02-14 18:50 - 00000000 ____D () C:\Users\GoodEnd\Documents\MEGAsync
2015-02-14 18:48 - 2015-02-14 18:48 - 00000760 _____ () C:\Users\Public\Desktop\MEGAsync.lnk
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Mega Limited
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\ProgramData\MEGAsync
2015-02-14 00:18 - 2015-01-23 07:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 00:18 - 2015-01-23 06:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 10:31 - 2015-01-29 10:30 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2015-02-11 10:31 - 2015-01-29 10:30 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2015-02-11 10:31 - 2015-01-29 10:30 - 00011056 _____ () C:\Windows\system32\AutoconfigV2.cab
2015-02-11 10:31 - 2015-01-29 10:05 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-02-11 10:31 - 2015-01-29 10:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 10:31 - 2015-01-29 08:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-02-11 10:31 - 2015-01-29 08:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 10:31 - 2015-01-15 13:44 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-02-11 10:31 - 2015-01-15 13:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-02-11 10:31 - 2015-01-15 13:43 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 10:31 - 2015-01-15 12:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-02-11 10:31 - 2015-01-15 12:00 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-02-11 10:31 - 2015-01-15 11:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 10:31 - 2015-01-15 11:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 10:31 - 2015-01-15 06:08 - 00568656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 10:31 - 2015-01-09 06:33 - 04061696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 10:30 - 2015-01-12 08:49 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 10:30 - 2015-01-12 08:49 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 10:30 - 2015-01-12 08:49 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-02-11 10:30 - 2015-01-12 08:49 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 10:30 - 2015-01-12 08:48 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 10:30 - 2015-01-12 08:48 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 10:30 - 2015-01-12 08:46 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 10:30 - 2015-01-12 07:07 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 10:30 - 2015-01-12 07:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 10:30 - 2015-01-12 07:07 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 10:30 - 2015-01-12 06:16 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 10:30 - 2015-01-12 05:46 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 10:29 - 2015-01-12 08:49 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 10:29 - 2015-01-12 07:07 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 10:29 - 2014-12-18 10:51 - 00096576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-02-11 10:29 - 2014-12-18 08:52 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-02-11 10:29 - 2014-12-18 08:51 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-02-11 10:29 - 2014-12-18 08:50 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-02-11 10:29 - 2014-12-18 08:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-02-11 10:29 - 2014-12-09 01:14 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 10:29 - 2014-12-08 08:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 10:29 - 2014-12-08 07:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 10:29 - 2014-11-26 08:43 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 10:29 - 2014-11-26 06:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 10:28 - 2015-01-15 23:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-08 11:04 - 2014-03-06 13:24 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 11:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-08 10:56 - 2014-03-04 22:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 10:54 - 2014-02-28 00:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Mozilla
2015-03-08 10:24 - 2014-02-27 13:51 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA.job
2015-03-08 08:57 - 2014-03-30 15:54 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3A9EC9E2-1ACB-42F3-A8C9-A4E462E25A3F}
2015-03-08 08:35 - 2014-08-20 19:27 - 00574464 ___SH () C:\Users\GoodEnd\Desktop\Thumbs.db
2015-03-08 00:15 - 2014-11-03 17:15 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Listary
2015-03-08 00:09 - 2014-09-06 16:04 - 00000000 ____D () C:\logs_az
2015-03-07 22:04 - 2014-03-06 13:24 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 19:51 - 2014-08-09 03:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-07 19:49 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 19:26 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-07 19:10 - 2014-12-04 02:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-07 17:33 - 2014-03-09 20:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-07 16:00 - 2014-08-09 03:05 - 00000000 ____D () C:\Dell
2015-03-06 11:32 - 2013-09-27 02:15 - 00000000 ____D () C:\batW8
2015-03-05 17:24 - 2014-02-27 13:51 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core.job
2015-03-04 20:51 - 2014-02-25 14:59 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-523973353-2006286681-1537153563-1001
2015-03-04 18:40 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-04 10:11 - 2014-08-15 01:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-04 01:52 - 2012-07-26 09:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 10:20 - 2014-03-09 05:17 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\QuickScan
2015-03-03 09:23 - 2014-03-04 06:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-03 08:51 - 2013-09-22 03:34 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_software
2015-03-03 05:35 - 2014-08-16 20:14 - 00007613 _____ () C:\Users\GoodEnd\AppData\Local\Resmon.ResmonCfg
2015-03-03 02:14 - 2014-10-18 13:56 - 00448784 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-01 17:54 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-01 17:35 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2015-03-01 09:46 - 2014-03-17 05:00 - 00000000 ____D () C:\Windows\Minidump
2015-02-28 04:06 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Dropbox
2015-02-27 16:32 - 2014-05-25 15:27 - 00000000 ___RD () C:\Users\GoodEnd\Dropbox
2015-02-27 15:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\schemas
2015-02-26 21:02 - 2014-06-30 18:43 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Skype
2015-02-26 02:10 - 2014-09-24 22:05 - 00000000 ____D () C:\Users\GoodEnd\Documents\Outlook Files
2015-02-26 00:37 - 2014-02-25 17:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Deployment
2015-02-26 00:37 - 2014-02-25 17:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Apps\2.0
2015-02-26 00:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\addins
2015-02-25 23:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Registration
2015-02-25 12:23 - 2014-02-26 15:57 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Citrix
2015-02-24 05:53 - 2014-02-25 14:44 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2015-02-24 05:12 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2015-02-24 02:52 - 2014-08-10 10:14 - 00002222 _____ () C:\Windows\diagwrn.xml
2015-02-24 02:52 - 2014-08-10 10:14 - 00001908 _____ () C:\Windows\diagerr.xml
2015-02-23 05:47 - 2014-02-25 14:50 - 00000000 ____D () C:\Users\GoodEnd
2015-02-22 17:53 - 2014-09-16 15:51 - 00000000 ____D () C:\MyWget
2015-02-20 12:27 - 2014-12-16 08:55 - 00000000 ____D () C:\Users\GoodEnd\vpworkspace40
2015-02-20 03:02 - 2014-11-11 23:11 - 00328192 ___SH () C:\Users\GoodEnd\Documents\Thumbs.db
2015-02-20 01:06 - 2014-11-26 00:12 - 00000000 ____D () C:\Users\GoodEnd\Documents\VPProjects
2015-02-19 22:57 - 2014-11-26 00:11 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\VisualParadigm
2015-02-17 08:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-15 04:20 - 2014-11-17 23:36 - 00000000 ____D () C:\Windows\rescache
2015-02-14 00:06 - 2014-04-25 14:49 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\IE Tab
2015-02-13 23:31 - 2014-08-20 20:05 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 23:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2015-02-13 23:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 18:43 - 2014-11-07 11:50 - 00000000 ____D () C:\Users\GoodEnd\Downloads\NTAKD specifikacija
2015-02-11 18:38 - 2014-12-16 08:52 - 00000000 ____D () C:\Program Files (x86)\VP Suite 5.0
2015-02-11 18:38 - 2014-12-16 08:14 - 00000133 _____ () C:\Users\GoodEnd\.vpinstall.properties
2015-02-11 11:24 - 2014-02-26 04:30 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 11:23 - 2014-02-26 07:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 11:23 - 2012-07-26 07:26 - 00000269 _____ () C:\Windows\win.ini
2015-02-11 11:20 - 2014-02-26 00:44 - 00000000 ____D () C:\Windows\system32\MRT

==================== Files in the root of some directories =======

2015-02-24 06:57 - 2015-02-24 06:57 - 0212796 _____ () C:\Users\GoodEnd\AppData\Local\ars.cache
2015-02-24 06:58 - 2015-02-24 06:58 - 0470315 _____ () C:\Users\GoodEnd\AppData\Local\census.cache
2015-02-24 06:38 - 2015-02-24 06:38 - 0000036 _____ () C:\Users\GoodEnd\AppData\Local\housecall.guid.cache
2014-04-16 13:34 - 2014-04-16 13:34 - 0000728 _____ () C:\Users\GoodEnd\AppData\Local\recently-used.xbel
2014-08-16 20:14 - 2015-03-03 05:35 - 0007613 _____ () C:\Users\GoodEnd\AppData\Local\Resmon.ResmonCfg
2015-02-24 06:48 - 2015-02-24 18:58 - 0000010 _____ () C:\Users\GoodEnd\AppData\Local\sponge.last.runtime.cache
2014-12-22 08:07 - 2014-12-22 12:46 - 0620099 _____ () C:\Users\GoodEnd\AppData\Local\TempImage.png
2015-03-07 19:01 - 2015-03-07 19:01 - 0031744 ___SH () C:\Users\GoodEnd\AppData\Local\Thumbs.db
2015-03-03 10:23 - 2015-03-03 10:23 - 0199300 _____ () C:\ProgramData\1425370791.bdinstall.bin

Files to move or delete:
====================
C:\Users\GoodEnd\pdfeditor.dat


Some content of TEMP:
====================
C:\Users\GoodEnd\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 05:01

==================== End Of Log ============================

 

***************************************************************

Addition.txt

***************************************************************

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by GoodEnd at 2015-03-08 11:08:09
Running from C:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.908.1803 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AutoHotkey 1.1.16.05 (HKLM\...\AutoHotkey) (Version: 1.1.16.05 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bluefish 2.2.5 (HKLM-x32\...\Bluefish) (Version: 2.2.5 - The Bluefish Developers)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
ccc-core-static (x32 Version: 2007.0414.2243.38770 - ATI) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Classic Menu for Office Enterprise 2010 and 2013 v5.55 (HKLM\...\{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1) (Version: 5.55 - Addintools)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation)
Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Diigo Single Button (HKLM-x32\...\{244B887F-5A23-4C4D-9495-0D34D185152C}) (Version: 1.0.0 - Diigo.inc)
Dropbox (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
FSS Google Books Downloader version 1.4.5.7 (HKLM-x32\...\FSS Google Books Downloader_is1) (Version: 1.4.5.7 - FreeSmartSoft Ltd.)
FSS Google Maps Downloader version 1.0.5.6 (HKLM-x32\...\FSS Google Maps Downloader_is1) (Version: 1.0.5.6 - FreeSmartSoft Ltd.)
GBLight (HKLM-x32\...\GBLight3.0) (Version: 3.0 - Guided Brainstorming LLC)
GBLightSp (HKLM-x32\...\{557B3F65-15F8-4CCA-8098-AD731AB6DAC4}) (Version: 3.0.0 - Guided Brainstorming LLC)
GBPro (HKLM-x32\...\GBPro3.0) (Version: 3.0 - Guided Brainstorming LLC)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Chrome (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google Web Designer (HKLM-x32\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.1.4.0 - Google Inc.)
HP Support Solutions Framework (HKLM-x32\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company)
IDEF0 Editor 2.0 (HKLM-x32\...\IDEF0 Editor 2.0) (Version:  - )
yEd Graph Editor 3.13 (HKLM\...\3309-7404-0599-8908) (Version: 3.13 - yWorks GmbH)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.03.16101 - Sony Corporation)
iMapping Tool Free (HKLM\...\{739A7657-1D9C-47A9-94F3-E0A501A8B6BD}) (Version: 1.0 - Dr. Heiko Haller, www.imapping.info)
import.io (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\{95981586-8D7F-49E9-9C7F-3AA704641471}_is1) (Version: 0.1 - import.io)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.0.1.683 - Kakao)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Expression Design 4 (HKLM-x32\...\Design_8.0.31217.1) (Version: 8.0.31217.1 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2010 (HKLM\...\Office14.PROOFKIT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0a1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Network Recording Player (HKLM-x32\...\{EA7547D9-708C-4496-BF2D-8623FB3C4F13}) (Version: 29.8.2.10049 - Cisco WebEx LLC)
Nightly 39.0a1 (x64 en-US) (HKLM\...\Nightly 39.0a1 (x64 en-US)) (Version: 39.0a1 - Mozilla)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5922 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5922 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Optimum version 14.0.0.146 (HKLM-x32\...\Optimum_is1) (Version: 14.0.0.146 - Optimum Systems)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Info 2.02 (HKLM-x32\...\PDF Info_is1) (Version:  - Bureausoft Corporation)
PDF Password Remover v3.1 (HKLM-x32\...\PDF Password Remover v3.1_is1) (Version:  - VeryPDF.com Inc)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Programmer's Notepad (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.3.4.2350 - Simon Steele)
ProjectLibre (HKLM-x32\...\{0615141F-66B8-4861-9723-BF0CDBF29328}) (Version: 1.5.18.0 - ProjectLibre)
RICOH Media Driver ver.2.11.01.02 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.11.01.02 - RICOH)
Semantic IDE version 1.0.2.5 (HKLM-x32\...\{0C065F81-9A21-4E9C-8A78-C60DB683676A}_is1) (Version: 1.0.2.5 - Semantic Technology Company Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-004B-0000-1000-0000000FF1CE}_Office14.PROOFKIT_{F2D64AA9-2EE6-423B-AD9E-B0780FA11F0A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skins (x32 Version: 2007.0414.2243.38770 - ATI) Hidden
Southbeach Modeller (HKLM-x32\...\Southbeach Modeller) (Version: 3.0.0.2 - Southbeach Solutions Ltd)
Swiftlight (HKLM-x32\...\Swiftlight) (Version:  - Torridon Solutions)
Swiftlight (x32 Version: 1.0 - Torridon Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teleport VLX (HKLM-x32\...\Teleport VLX) (Version: 1.59 - Tennyson Maxwell Information Systems, Inc.)
VeryPDF PDF Editor v4.1 (HKLM-x32\...\VeryPDF PDF Editor v4.1_is1) (Version:  - VeryPDF.com, Inc.)
visViewer (HKLM\...\{08593FD5-57C1-4ED1-B6D6-B63B3E785500}) (Version: 3.0.2 - bVisual)
VP Suite 5.0 (HKLM-x32\...\VP Suite 5.0) (Version:  - Visual Paradigm International Ltd.)
Web Companion (HKLM-x32\...\{AB75B78F-CFFA-4027-A8DC-94357F2F77EE}_WebCompanion) (Version: 1.1.908.1803 - Lavasoft)
WhiteStarUML (HKLM-x32\...\WhiteStarUML) (Version:  - Janusz Szpilewski)
WhiteStarUML (x32 Version: 5.5.8 - Janusz Szpilewski) Hidden
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XMind 1.0Beta (HKLM-x32\...\XMind Project_is1) (Version: 1.0Beta - NGLogic)
XMind 6 (v3.5.1) (HKLM-x32\...\XMind_is1) (Version: 3.5.1.201411201906 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> E:\PA\PortableApps\DropboxPortableAHK1682beta\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

28-02-2015 23:32:56 Scheduled Checkpoint
05-03-2015 04:44:33 AA11

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2015-02-25 12:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A8633C2-B8ED-4266-B94D-26F027AD98A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {11E88EC8-26DA-45B3-BD9F-3E7399C74EF1} - System32\Tasks\BASIC TASK daily routine => C:\Users\GoodEnd\Documents\daily.txt [2015-02-20] ()
Task: {19C919EB-DD7F-4794-BB8F-164DFCB24C51} - System32\Tasks\{E56DEC2B-5807-4F1C-930C-18F3FD91953C} => pcalua.exe -a C:\Users\GoodEnd\AppData\Local\Apps\2.0\9D5OY6BR.XVD\1HAYT0X8.MXX\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\Uninstaller.exe -c uninstall
Task: {3F74D098-B98C-4ED2-81BE-35C73BAC6E29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {4FA8E328-8F5F-452D-BFB7-B065A024653A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {5302DF3D-3FB6-4EF0-848C-6C6B4EA6D789} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {574FAC6D-80B2-44BE-AD83-89BEFB0B6960} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {79AE7CAC-FCE5-4A06-BFFA-8180636780F2} - System32\Tasks\startupcleantemp => C:\batW8\startupcleantemp.bat [2015-02-23] ()
Task: {7A90580F-0FCB-4695-B42D-39E0ADFDA4AC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8BDFEED8-8CAB-40F9-BA8B-C79E3C139516} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BAC3C4DE-A531-4160-907A-9FAF1A1330F1} - System32\Tasks\BASICTASKAZ periodicaly clean temp => C:\batW8\scheduled_clean_temp.bat [2015-03-08] ()
Task: {C713206A-AF3B-4606-80A0-BCB8BBDF4877} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {CEB1EF51-A3F6-42CD-A2F9-9ECAED91D355} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-19] (AVAST Software)
Task: {F075DF7A-1BE6-4217-A7B1-F5095579436E} - System32\Tasks\visit-daily-inventship bat => E:\PA\PortableApps\AutoHotKey\visit-daily-inventship.bat [2014-10-30] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core.job => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA.job => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-03 10:21 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-03-03 10:21 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-11-03 04:24 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 16:13 - 2014-05-01 16:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-03-02 18:00 - 2015-03-02 18:00 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-11-19 13:23 - 2014-11-19 13:23 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-19 13:23 - 2014-11-19 13:23 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02757456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll
2014-08-29 21:57 - 2012-09-05 11:51 - 00686744 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00286720 _____ () E:\PA\PortableApps\launchy\launchy.exe
2012-03-29 14:56 - 2012-03-29 14:56 - 00089944 _____ () E:\PA\PortableApps\ListaryPortable\App\Listary\X64\CrashRpt1300.dll
2012-05-08 08:50 - 2012-05-08 08:50 - 00047960 _____ () E:\PA\PortableApps\ListaryPortable\App\Listary\X64\Listary32helper.exe
2015-03-07 12:16 - 2015-03-07 12:16 - 02919424 _____ () C:\Program Files\AVAST Software\Avast\defs\15030700\algo.dll
2014-11-19 13:23 - 2014-11-19 13:23 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-03-07 23:52 - 2015-03-07 23:52 - 02919424 _____ () C:\Program Files\AVAST Software\Avast\defs\15030701\algo.dll
2014-05-01 16:15 - 2014-05-01 16:15 - 00463360 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00072512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-03-02 18:00 - 2015-03-02 18:00 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-03-02 18:00 - 2015-03-02 18:00 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00069960 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-03-02 18:00 - 2015-03-02 18:00 - 00039256 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2014-11-19 13:24 - 2014-11-19 13:24 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-12-26 17:20 - 2008-05-24 12:31 - 07061504 _____ () E:\PA\PortableApps\launchy\QtGui4.dll
2011-12-26 17:20 - 2008-05-24 12:20 - 00561152 _____ () E:\PA\PortableApps\launchy\QtNetwork4.dll
2011-12-26 17:20 - 2008-05-24 12:19 - 01961984 _____ () E:\PA\PortableApps\launchy\QtCore4.dll
2011-12-26 17:20 - 2008-08-05 19:15 - 00053248 _____ () E:\PA\PortableApps\launchy\platform_win.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00061440 _____ () E:\PA\PortableApps\launchy\plugins\calcy.dll
2011-12-26 17:20 - 2008-08-05 19:15 - 00021504 _____ () E:\PA\PortableApps\launchy\plugins\gcalc.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00069632 _____ () E:\PA\PortableApps\launchy\plugins\runner.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00098304 _____ () E:\PA\PortableApps\launchy\plugins\weby.dll
2015-03-08 00:15 - 2015-03-08 00:15 - 00011264 _____ () C:\Users\GoodEnd\AppData\Local\Temp\nsxDC89.tmp\System.dll
2015-03-08 00:15 - 2015-03-08 00:15 - 00121344 _____ () C:\Users\GoodEnd\AppData\Local\Temp\nsxDC89.tmp\xml.dll
2015-03-08 10:54 - 2015-03-08 10:54 - 00029696 _____ () C:\Users\GoodEnd\AppData\Local\Temp\nsd706F.tmp\registry.dll
2015-03-08 10:54 - 2015-03-08 10:54 - 00011264 _____ () C:\Users\GoodEnd\AppData\Local\Temp\nsd706F.tmp\System.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-523973353-2006286681-1537153563-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\StartupFolder: => "TheBrain.lnk"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "StartCCC"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "KakaoTalk"

==================== Accounts: =============================

Administrator (S-1-5-21-523973353-2006286681-1537153563-500 - Administrator - Disabled)
GoodEnd (S-1-5-21-523973353-2006286681-1537153563-1001 - Administrator - Enabled) => C:\Users\GoodEnd
Guest (S-1-5-21-523973353-2006286681-1537153563-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-523973353-2006286681-1537153563-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft Usbccid Smartcard Reader (WUDF)
Description: Microsoft Usbccid Smartcard Reader (WUDF)
Class Guid: {50dd5230-ba8a-11d1-bf5d-0000f805f530}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/08/2015 10:36:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 7.3.2015.1, time stamp: 0x54fb09c6
Faulting module name: FRST64.exe, version: 7.3.2015.1, time stamp: 0x54fb09c6
Exception code: 0xc0000005
Fault offset: 0x0000000000024a1a
Faulting process id: 0x2500
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
Faulting package full name: FRST64.exe4
Faulting package-relative application ID: FRST64.exe5

Error: (03/07/2015 07:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 7.3.2015.1, time stamp: 0x54fb09c6
Faulting module name: FRST64.exe, version: 7.3.2015.1, time stamp: 0x54fb09c6
Exception code: 0xc0000005
Fault offset: 0x0000000000024a00
Faulting process id: 0x1be0
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
Faulting package full name: FRST64.exe4
Faulting package-relative application ID: FRST64.exe5

Error: (03/06/2015 05:58:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/06/2015 05:44:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Activation of app Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/06/2015 01:58:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/06/2015 05:24:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: SHELL32.dll, version: 6.2.9200.17150, time stamp: 0x5438a12b
Exception code: 0xc000041d
Fault offset: 0x00000000000b57ce
Faulting process id: 0x2598
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (03/06/2015 05:24:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: SHELL32.dll, version: 6.2.9200.17150, time stamp: 0x5438a12b
Exception code: 0xc0000005
Fault offset: 0x00000000000b57ce
Faulting process id: 0x2598
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5


System errors:
=============
Error: (03/07/2015 07:54:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
%%1058

Error: (03/07/2015 07:50:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053

Error: (03/07/2015 07:50:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (03/07/2015 07:48:59 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (03/07/2015 07:48:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%109

Error: (03/07/2015 07:48:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (03/07/2015 07:48:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (03/07/2015 07:48:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (03/07/2015 07:48:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (03/07/2015 07:48:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (03/08/2015 10:36:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe7.3.2015.154fb09c6FRST64.exe7.3.2015.154fb09c6c00000050000000000024a1a250001d0597a82af7b8aC:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool\FRST64.exeC:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool\FRST64.exe3269007d-c56e-11e4-bf0b-5c260a06833a

Error: (03/07/2015 07:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe7.3.2015.154fb09c6FRST64.exe7.3.2015.154fb09c6c00000050000000000024a001be001d058fc9c6238a3C:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool\FRST64.exeC:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool\FRST64.exedb720515-c4ef-11e4-bf0a-5c260a06833a

Error: (03/06/2015 05:58:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927142

Error: (03/06/2015 05:44:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927142

Error: (03/06/2015 01:58:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927142

Error: (03/06/2015 05:24:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434SHELL32.dll6.2.9200.171505438a12bc000041d00000000000b57ce259801d057bcfd031ff9C:

\Windows\explorer.exeC:\Windows\system32\SHELL32.dll5e2aba27-c3b0-11e4-bf08-5c260a06833a

Error: (03/06/2015 05:24:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434SHELL32.dll6.2.9200.171505438a12bc000000500000000000b57ce259801d057bcfd031ff9C:

\Windows\explorer.exeC:\Windows\system32\SHELL32.dll5c57e583-c3b0-11e4-bf08-5c260a06833a


CodeIntegrity Errors:
===================================
  Date: 2015-02-25 12:13:41.017
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could

not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be

malicious software from an unknown source.

  Date: 2015-02-25 12:13:40.923
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could

not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be

malicious software from an unknown source.

  Date: 2015-02-25 10:08:46.423
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could

not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be

malicious software from an unknown source.

  Date: 2015-02-25 10:08:46.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could

not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be

malicious software from an unknown source.

  Date: 2015-02-24 21:37:03.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could

not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be

malicious software from an unknown source.

  Date: 2015-02-24 21:37:03.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could

not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be

malicious software from an unknown source.

  Date: 2015-02-24 19:03:19.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PA\PortableApps\SysinternalsSuite

20150129\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that

is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-24 04:59:41.839
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could

not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be

malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 48%
Total physical RAM: 8053.83 MB
Available physical RAM: 4110.9 MB
Total Pagefile: 12917.83 MB
Available Pagefile: 8029.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (W8) (Fixed) (Total:116 GB) (Free:43.71 GB) NTFS
Drive d: () (Fixed) (Total:146.48 GB) (Free:17.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DataVolume) (Fixed) (Total:156.72 GB) (Free:12.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8AD8D52D)
Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=156.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=46.6 GB) - (Type=OF Extended)

==================== End Of Log ============================


Edited by goodend, 08 March 2015 - 04:20 AM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • Location:Montreal, QC. Canada

Posted 08 March 2015 - 08:58 AM

Your last FRST log looks the same as the previous one but I'm unable to read it in its present format.

Run the tool again and save the file. Make sure that the additional blank lines are removed.
It may be due to the Word Wrap function in the Format menu of Notepad.
===

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#6 goodend

goodend
  • Topic Starter

  • Members
  • 6 posts

Posted 10 March 2015 - 08:16 AM

Thanks for reply, nasdaq

 

I see, ... sorry, probably this WYSIWYG corrupted it - I'm copy-pasting from Notepad, can't find how to attach here (probably it's possible only for first post?) or upload to "my media"

 

I'm repeating again in plain mode. Maybe I can send files as attachments or upload to pastebin or somewhere?

 

Regarding malware in PC

- I found that it behaves quietly (actually, it does not show any signs) if I'm not using any Firefox (I have 2 of them - desktop, i.e. system install, & PortableApps) - so now I switched to Chrome portable and can work.

 

I tried ESET online scanner before - it scans terribly slow - about 6 hours and not finished my 500GB hdd, don't know when to find time for this ...

 

**************************************

FRST.txt

**************************************

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by GoodEnd (administrator) on GOODEND-DELAZ on 08-03-2015 11:06:45
Running from C:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool
Loaded Profiles: GoodEnd (Available profiles: GoodEnd & Guest)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(PortableApps.com) E:\PA\PortableApps\PortableApps.com\PortableAppsPlatform.exe
() E:\PA\PortableApps\Launchy\Launchy.exe
(PortableApps.com) E:\PA\PortableApps\ListaryPortable\ListaryPortable.exe
(Bopsoft) E:\PA\PortableApps\ListaryPortable\App\Listary\X64\Listary.exe
() E:\PA\PortableApps\ListaryPortable\App\Listary\X64\Listary32helper.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(PortableApps.com) E:\PA\PortableApps\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) E:\PA\PortableApps\FirefoxPortable\App\Firefox\firefox.exe
(Mozilla Corporation) E:\PA\PortableApps\FirefoxPortable\App\Firefox\plugin-container.exe
(Google) C:\Users\GoodEnd\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-09-16] (Intel Corporation)
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [5564104 2014-09-05] (Kakao Inc.)
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1300288 2015-03-02] (Lavasoft)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()
BootExecute: ampa
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-19] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-19] (AVAST Software)
BHO-x32: Diigo Single Button Helper -> {B3BA3FC4-8D87-4B89-B2B1-7BEE62D1D324} -> C:\Program Files (x86)\Diigo.inc\Diigo Single Button\DiigoSingleButton.dll [2013-03-20] (Diigo.inc)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)
Tcpip\..\Interfaces\{50B1214A-DFB3-4B11-AED1-58731002F4A1}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D101DAE4-B7C3-4BF5-91B2-8A7F85D09999}: [NameServer] 208.67.222.222,208.67.220.220
 
FireFox:
========
FF ProfilePath: C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-31] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-31] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @citrixonline.com/appdetectorplugin -> C:\Users\GoodEnd\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\GoodEnd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @talk.google.com/O1DPlugin -> C:\Users\GoodEnd\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @tools.google.com/Google Update;version=3 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @tools.google.com/Google Update;version=9 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-09-25] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Extension: Customize Your Web - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\customizeyourweb@mouseless.de [2014-12-13]
FF Extension: DevSearch - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\devsearch@penzil.com [2014-12-13]
FF Extension: DOM Inspector Plus! [dm] - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\inspector-dp@mozilla.org [2015-03-04]
FF Extension: DOM Inspector - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\inspector@mozilla.org [2014-12-16]
FF Extension: Tab Groups Helper - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabgroupshelper@kevinallasso.org [2015-01-25]
FF Extension: TableTools2 - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabletools2@mingyi.org [2014-12-13]
FF Extension: YouTube Unblocker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\youtubeunblocker@unblocker.yt [2014-12-15]
FF Extension: Liquid Words - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{9A752782-D706-479b-98F8-3F66BF921692} [2014-12-13]
FF Extension: Diigo Toolbar - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2014-08-19]
FF Extension: Autofill Forms - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\autofillForms@blueimp.net.xpi [2014-12-12]
FF Extension: Firebug - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\firebug@software.joehewitt.com.xpi [2014-12-13]
FF Extension: Firefinder for Firebug - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\firefinder@robertnyman.com.xpi [2014-12-13]
FF Extension: FirePath - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\FireXPath@pierre.tholence.com.xpi [2014-12-13]
FF Extension: HeadingsMap - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\headings@niquelheadings.net.xpi [2014-12-13]
FF Extension: ProxTube - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\ich@maltegoetz.de.xpi [2014-12-15]
FF Extension: Google search link fix - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2014-12-15]
FF Extension: Lightbeam - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-12-11]
FF Extension: Official My JDownloader Add-On - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2014-09-04]
FF Extension: Tab Counter - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabcounter@morac.xpi [2015-02-12]
FF Extension: UploadScreenshot.com Capture - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\uss-button@uploadscreenshot.com.xpi [2014-12-11]
FF Extension: xpath finder - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\xpath_finder@xpath_finder.com.xpi [2014-12-13]
FF Extension: Resurrect Pages - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2014-12-13]
FF Extension: Clean Links - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-12-15]
FF Extension: xpathprototyping - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{15b08099-6b77-43bc-8e70-69b85eeef09d}.xpi [2014-12-13]
FF Extension: XmlUtils - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{2fb6bf28-e829-4804-ab69-3bdb7d5fa997}.xpi [2014-12-13]
FF Extension: LinkWalker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{398BEB7C-752C-4378-87EA-D775CE1FD9B9}.xpi [2014-12-13]
FF Extension: XPath Checker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537}.xpi [2014-12-13]
FF Extension: QuickTime Plugin - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{85c379fe-b97f-4ae6-88f9-4086c494b77e}.xpi [2014-12-21]
FF Extension: Adblock Plus - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-09]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\MozillaFFNightly\firefox.exe
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bitford) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\agjcpjkkccmhfopfciohkkfolnjbbdoh [2014-09-04]
CHR Extension: (Regex Scraper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjalgjglcdpomokfhgcmononebebioc [2014-03-17]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-07-29]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-03-21]
CHR Extension: (Google Docs) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]
CHR Extension: (Google Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]
CHR Extension: (CSS Selector Tester) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbklnaodgoocmcdejoalmbjihhdkbfon [2014-09-04]
CHR Extension: (Table2CSV) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjpegmibcoolkaoloohgjcagfhifiah [2014-03-21]
CHR Extension: (Warehouse) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmlfjedmpigingginfielgaemionchf [2014-03-17]
CHR Extension: (Designer Tools) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\begphfmcgdepfkoofbpkfcnimdeocadd [2014-09-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Web Developer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-09-04]
CHR Extension: (ColorZilla) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2014-09-04]
CHR Extension: (Cloud Kite) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\biagdapeolcddppdgcocjkdjfhlodegf [2014-09-04]
CHR Extension: (MEGA) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-05-12]
CHR Extension: (YouTube) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]
CHR Extension: (Strict Workflow) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2014-03-21]
CHR Extension: (Maestro BPM) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\chldapjgnddmiimikjihplihdggkmhmm [2014-09-04]
CHR Extension: (OneTab) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-09-04]
CHR Extension: (Adblock for Youtube™) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-04]
CHR Extension: (RegExp Tester App) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmmblmkfaijaadfjapjddbeaoffeccib [2014-03-17]
CHR Extension: (Google Search) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]
CHR Extension: (Snip to drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfklphbiceofdlbejbgglhdgdajliphg [2014-03-21]
CHR Extension: (Remove Google Redirection) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhjklgpiifbofihffldllbcopkinlod [2014-11-18]
CHR Extension: (Session Buddy) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-09-04]
CHR Extension: (Table-of-contents-crx) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeknhipceeelbgdbcmchicoaoalfdnhi [2014-03-21]
CHR Extension: (XV — XML Viewer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocglpgjdpaefaedpblffpeebgmgddk [2014-03-17]
CHR Extension: (Tabs Outliner) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2014-03-21]
CHR Extension: (Morphine) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2014-03-21]
CHR Extension: (Page Code Reverser) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\feobacmbekoonbggodgigfopfnfiggdn [2014-03-21]
CHR Extension: (XML Tree) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbammbheopgpmaagmckhpjbfgdfkpadb [2014-03-21]
CHR Extension: (KustomNote) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbhnopbeccehmeofkcegmekomjhdenp [2014-09-04]
CHR Extension: (Save to Google Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-03-21]
CHR Extension: (Show Frame) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmgcfdnagjkihmgjhbiombjdcgckgnb [2014-11-23]
CHR Extension: (IE Tab) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-06-26]
CHR Extension: (Post to WordPress) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej [2014-09-04]
CHR Extension: (Google Keep - notes and lists) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-03-17]
CHR Extension: (Cool Clock) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce [2014-03-21]
CHR Extension: (Table Capture) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebpjdmgckacbodjpijphcplhebcmeop [2014-03-17]
CHR Extension: (ProxMate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-11-24]
CHR Extension: (Save this page with CleanSave) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplagehfoafmmjppeijnpkohihcllici [2014-09-04]
CHR Extension: (WordPress Plugin Sniffer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdmbobghippoogeagbcimaolcfbjoihk [2014-09-04]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2014-09-04]
CHR Extension: (Web Scraper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2014-03-17]
CHR Extension: (Open Frame) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhjgkkaacdhdioocfbpmhjidbinfajj [2014-11-23]
CHR Extension: (table to csv) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\khobgoemenoleeedfbilehnpoelmkbko [2014-03-17]
CHR Extension: (Mohiomap) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikkonmkmijjlbenemmnoakjmniihppj [2014-09-04]
CHR Extension: (Diigo Web) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf [2014-03-17]
CHR Extension: (The Great Suspender) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-03-17]
CHR Extension: (Auto HD For YouTube™) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-09-04]
CHR Extension: (Business Process Simulator) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagcfcefblfnmjkkkdekiidfefhgodmk [2014-09-04]
CHR Extension: (XPath) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbghbpofdlcecfbpjgmffnkieenjkboi [2014-09-04]
CHR Extension: (Text compare, Diff Tools for Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcdojpmjehlniamnglpjlldkoonlomb [2014-09-04]
CHR Extension: (rigrr) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkefodmoklnelkhifkakjlgncijfnnf [2014-03-21]
CHR Extension: (Quick Note) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-03-21]
CHR Extension: (GetThemAll Downloader) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2014-09-04]
CHR Extension: (Moqups · Mockups, Wireframes & Prototyping) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbhphohgafllkjnakmdppmmkjfbnke [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]
CHR Extension: (DataMiner) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2014-03-21]
CHR Extension: (Mural.ly) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhlnnalackljjehlfocmheepffkiihf [2014-09-04]
CHR Extension: (CCTV View) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj [2014-03-17]
CHR Extension: (ColorPick Eyedropper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2014-09-04]
CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2014-07-29]
CHR Extension: (Pomodoro) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\opodpodbjdmaealpookfkofenoboahfe [2014-03-21]
CHR Extension: (4chan Plus) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-09-04]
CHR Extension: (Evernote Web Clipper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-04]
CHR Extension: (Gmail) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-19] (Avast Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-02] (Lavasoft Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-02] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-19] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2013-02-20] (Intel Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-02-26] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 PORTMON; E:\PA\PortableApps\SysinternalsSuite 20150129\PORTMSYS.SYS [28656 2015-02-24] (Systems Internals) [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-19] (Avast Software)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-07 19:01 - 2015-03-07 19:01 - 00031744 ___SH () C:\Users\GoodEnd\AppData\Local\Thumbs.db
2015-03-07 18:23 - 2015-03-07 18:23 - 00000837 _____ () C:\Users\GoodEnd\Desktop\_0 DD dirbama dabar - Shortcut.lnk
2015-03-05 08:24 - 2015-03-07 19:34 - 00003876 _____ () C:\Windows\System32\Tasks\BASICTASKAZ periodicaly clean temp
2015-03-05 04:50 - 2015-03-05 04:50 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\LavasoftStatistics
2015-03-05 04:49 - 2015-03-05 04:49 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Lavasoft
2015-03-05 04:49 - 2015-03-05 04:49 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-03-05 04:49 - 2015-03-02 18:02 - 00372248 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-03-05 04:49 - 2015-03-02 18:02 - 00325944 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-03-05 04:48 - 2015-03-07 19:52 - 00002283 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-03-05 04:48 - 2015-03-05 05:50 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Lavasoft
2015-03-05 04:48 - 2015-03-05 04:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-03-05 04:47 - 2015-03-05 04:47 - 00000000 ____D () C:\Program Files\Lavasoft
2015-03-05 04:45 - 2015-03-05 04:45 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-03-04 10:16 - 2015-03-04 20:33 - 00000000 ____D () C:\AdwCleaner
2015-03-04 09:50 - 2015-03-05 04:48 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-03-03 10:23 - 2015-03-03 10:23 - 00199300 _____ () C:\ProgramData\1425370791.bdinstall.bin
2015-03-03 10:21 - 2015-03-03 10:21 - 00002134 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
2015-03-03 10:21 - 2015-03-03 10:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-03 10:21 - 2015-03-03 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-03-03 10:21 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-03-03 10:21 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-03-03 10:20 - 2015-03-03 10:21 - 00000000 ____D () C:\Program Files\Bitdefender
2015-03-03 10:20 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-03-03 10:20 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-03-03 10:18 - 2015-03-03 10:19 - 00000000 ____D () C:\Program Files\MozillaFFNightly
2015-03-03 07:57 - 2015-03-03 22:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48A01207.sys
2015-03-03 05:35 - 2015-03-03 09:22 - 00000000 ____D () C:\KVRT_Data
2015-03-02 12:48 - 2015-03-02 12:49 - 02209668 _____ () C:\Users\GoodEnd\Downloads\wsusoffline952.zip
2015-03-02 10:40 - 2015-03-02 10:40 - 00137205 _____ () C:\Users\GoodEnd\Downloads\Microsoft posts tips for overcoming Windows 8.1 Update KB 2919355 errors _ InfoWorld.html
2015-03-01 16:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-01 09:46 - 2015-03-01 09:47 - 00294392 _____ () C:\Windows\Minidump\030115-45109-01.dmp
2015-03-01 09:46 - 2015-03-01 09:46 - 698376508 _____ () C:\Windows\MEMORY.DMP
2015-02-28 21:29 - 2015-02-28 21:29 - 00002259 _____ () C:\Windows\epplauncher.mif
2015-02-27 16:25 - 2015-03-08 10:36 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\CrashDumps
2015-02-27 15:16 - 2015-02-27 15:16 - 00000000 ____D () C:\ProgramData\Panda Security
2015-02-26 00:53 - 2015-02-26 00:53 - 00000672 _____ () C:\Windows\system32\.crusader
2015-02-26 00:37 - 2015-02-26 00:37 - 00003306 _____ () C:\Windows\System32\Tasks\{E56DEC2B-5807-4F1C-930C-18F3FD91953C}
2015-02-26 00:31 - 2015-02-26 00:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-26 00:31 - 2015-02-26 00:31 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-26 00:19 - 2015-02-26 02:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-26 00:18 - 2015-02-26 02:09 - 00000000 ____D () C:\Users\GoodEnd\Desktop\mbar
2015-02-25 23:15 - 2015-03-08 10:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 23:15 - 2015-02-26 00:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 23:15 - 2015-02-25 23:15 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 23:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 23:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-25 22:10 - 2015-03-07 19:54 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-25 22:10 - 2015-02-25 22:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-25 12:39 - 2015-03-05 05:44 - 00003996 _____ () C:\Windows\PFRO.log
2015-02-25 04:53 - 2015-02-25 04:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-25 04:45 - 2015-01-09 01:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 04:45 - 2015-01-09 01:52 - 00478296 _____ () C:\Windows\system32\locale.nls
2015-02-25 04:44 - 2015-01-09 08:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-02-25 04:44 - 2015-01-09 07:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-02-24 07:00 - 2015-02-24 07:00 - 00000000 ____D () C:\ProgramData\F-Secure
2015-02-24 06:58 - 2015-02-24 06:58 - 00470315 _____ () C:\Users\GoodEnd\AppData\Local\census.cache
2015-02-24 06:57 - 2015-02-24 06:57 - 00212796 _____ () C:\Users\GoodEnd\AppData\Local\ars.cache
2015-02-24 06:48 - 2015-02-24 18:58 - 00000010 _____ () C:\Users\GoodEnd\AppData\Local\sponge.last.runtime.cache
2015-02-24 06:38 - 2015-02-24 06:38 - 00000036 _____ () C:\Users\GoodEnd\AppData\Local\housecall.guid.cache
2015-02-24 05:53 - 2015-03-08 04:45 - 01678545 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 04:47 - 2015-03-07 17:02 - 00000000 ____D () C:\Users\GoodEnd\Desktop\_antivirus
2015-02-24 04:47 - 2015-03-01 16:24 - 05612482 ____R (Swearware) C:\Users\GoodEnd\Desktop\ComboFix.exe
2015-02-24 04:19 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-24 04:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-24 04:19 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-24 04:17 - 2015-03-01 17:40 - 00000000 ____D () C:\Qoobox
2015-02-24 04:14 - 2015-02-24 05:05 - 00000000 ____D () C:\Windows\erdnt
2015-02-24 03:50 - 2015-03-08 11:07 - 00000000 ____D () C:\FRST
2015-02-24 02:51 - 2015-03-03 10:21 - 00001209 _____ () C:\Windows\setupact.log
2015-02-24 02:51 - 2015-02-24 02:51 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-24 02:41 - 2015-03-07 18:13 - 00003124 _____ () C:\Windows\System32\Tasks\startupcleantemp
2015-02-24 02:38 - 2015-03-03 10:15 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupRem
2015-02-23 06:45 - 2015-02-28 22:27 - 00000000 ____D () C:\Windows\pss
2015-02-22 03:23 - 2015-02-22 03:23 - 00003770 _____ () C:\Users\GoodEnd\Documents\ForceSynchronizeTime.xml
2015-02-22 00:36 - 2015-02-22 00:36 - 00000902 _____ () C:\Users\GoodEnd\Downloads\_codeplex.com - Shortcut.lnk
2015-02-21 17:55 - 2015-02-21 17:59 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_ideas
2015-02-21 01:18 - 2015-02-21 01:18 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_hardware
2015-02-20 05:50 - 2015-02-21 19:09 - 00000197 _____ () C:\Windows\system32\2015-02-20-03-50-41.093-AvastVBoxSVC.exe-4652.log
2015-02-20 04:01 - 2014-04-16 20:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-02-20 04:00 - 2014-04-16 20:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-02-20 03:08 - 2015-02-20 04:00 - 00003408 _____ () C:\Windows\System32\Tasks\BASIC TASK daily routine
2015-02-20 03:02 - 2015-02-20 04:06 - 00000610 _____ () C:\Users\GoodEnd\Documents\daily.txt
2015-02-18 12:25 - 2015-02-18 12:25 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-25-42.081-aswFe.exe-6800.log
2015-02-18 12:21 - 2015-02-18 12:25 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-21-58.095-aswFe.exe-5904.log
2015-02-18 12:21 - 2015-02-18 12:21 - 00000197 _____ () C:\Windows\system32\2015-02-18-10-21-57.074-AvastVBoxSVC.exe-6716.log
2015-02-18 12:14 - 2015-02-18 12:14 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-14-03.077-aswFe.exe-6884.log
2015-02-18 12:14 - 2015-02-18 12:14 - 00000197 _____ () C:\Windows\system32\2015-02-18-10-14-01.051-AvastVBoxSVC.exe-3600.log
2015-02-18 11:59 - 2015-02-18 12:01 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-59-36.088-AvastVBoxSVC.exe-2304.log
2015-02-15 21:06 - 2015-02-15 21:06 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\www.shadowexplorer.com
2015-02-14 18:50 - 2015-02-14 18:50 - 00000000 ____D () C:\Users\GoodEnd\Documents\MEGAsync
2015-02-14 18:48 - 2015-02-14 18:48 - 00000760 _____ () C:\Users\Public\Desktop\MEGAsync.lnk
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Mega Limited
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\ProgramData\MEGAsync
2015-02-14 00:18 - 2015-01-23 07:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 00:18 - 2015-01-23 06:27 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 10:31 - 2015-01-29 10:30 - 00593408 _____ (Microsoft Corporation) C:\Windows\system32\AutoUpdate.exe
2015-02-11 10:31 - 2015-01-29 10:30 - 00467952 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2015-02-11 10:31 - 2015-01-29 10:30 - 00011056 _____ () C:\Windows\system32\AutoconfigV2.cab
2015-02-11 10:31 - 2015-01-29 10:05 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-02-11 10:31 - 2015-01-29 10:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 10:31 - 2015-01-29 08:19 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-02-11 10:31 - 2015-01-29 08:19 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-02-11 10:31 - 2015-01-15 13:44 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-02-11 10:31 - 2015-01-15 13:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-02-11 10:31 - 2015-01-15 13:43 - 01282560 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 10:31 - 2015-01-15 12:00 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-02-11 10:31 - 2015-01-15 12:00 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-02-11 10:31 - 2015-01-15 11:38 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 10:31 - 2015-01-15 11:09 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 10:31 - 2015-01-15 06:08 - 00568656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 10:31 - 2015-01-09 06:33 - 04061696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 10:30 - 2015-01-12 08:49 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 10:30 - 2015-01-12 08:49 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 10:30 - 2015-01-12 08:49 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-02-11 10:30 - 2015-01-12 08:49 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 10:30 - 2015-01-12 08:48 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 10:30 - 2015-01-12 08:48 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 15403008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 02655744 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 10:30 - 2015-01-12 08:47 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 10:30 - 2015-01-12 08:46 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 10:30 - 2015-01-12 07:07 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 10:30 - 2015-01-12 07:07 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 10:30 - 2015-01-12 07:07 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 10:30 - 2015-01-12 07:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 10:30 - 2015-01-12 06:16 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 10:30 - 2015-01-12 05:46 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-11 10:29 - 2015-01-12 08:49 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 10:29 - 2015-01-12 07:07 - 01338880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 10:29 - 2014-12-18 10:51 - 00096576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-02-11 10:29 - 2014-12-18 08:52 - 00889344 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-02-11 10:29 - 2014-12-18 08:51 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-02-11 10:29 - 2014-12-18 08:50 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-02-11 10:29 - 2014-12-18 08:20 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-02-11 10:29 - 2014-12-09 01:14 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 10:29 - 2014-12-08 08:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 10:29 - 2014-12-08 07:04 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 10:29 - 2014-11-26 08:43 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 10:29 - 2014-11-26 06:50 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 10:28 - 2015-01-15 23:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-08 11:04 - 2014-03-06 13:24 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 11:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2015-03-08 10:56 - 2014-03-04 22:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 10:54 - 2014-02-28 00:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Mozilla
2015-03-08 10:24 - 2014-02-27 13:51 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA.job
2015-03-08 08:57 - 2014-03-30 15:54 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3A9EC9E2-1ACB-42F3-A8C9-A4E462E25A3F}
2015-03-08 08:35 - 2014-08-20 19:27 - 00574464 ___SH () C:\Users\GoodEnd\Desktop\Thumbs.db
2015-03-08 00:15 - 2014-11-03 17:15 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Listary
2015-03-08 00:09 - 2014-09-06 16:04 - 00000000 ____D () C:\logs_az
2015-03-07 22:04 - 2014-03-06 13:24 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 19:51 - 2014-08-09 03:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-07 19:49 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 19:26 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-07 19:10 - 2014-12-04 02:14 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-07 17:33 - 2014-03-09 20:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-07 16:00 - 2014-08-09 03:05 - 00000000 ____D () C:\Dell
2015-03-06 11:32 - 2013-09-27 02:15 - 00000000 ____D () C:\batW8
2015-03-05 17:24 - 2014-02-27 13:51 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core.job
2015-03-04 20:51 - 2014-02-25 14:59 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-523973353-2006286681-1537153563-1001
2015-03-04 18:40 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-04 10:11 - 2014-08-15 01:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-04 01:52 - 2012-07-26 09:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 10:20 - 2014-03-09 05:17 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\QuickScan
2015-03-03 09:23 - 2014-03-04 06:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-03 08:51 - 2013-09-22 03:34 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_software
2015-03-03 05:35 - 2014-08-16 20:14 - 00007613 _____ () C:\Users\GoodEnd\AppData\Local\Resmon.ResmonCfg
2015-03-03 02:14 - 2014-10-18 13:56 - 00448784 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-01 17:54 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-01 17:35 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2015-03-01 09:46 - 2014-03-17 05:00 - 00000000 ____D () C:\Windows\Minidump
2015-02-28 04:06 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Dropbox
2015-02-27 16:32 - 2014-05-25 15:27 - 00000000 ___RD () C:\Users\GoodEnd\Dropbox
2015-02-27 15:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\schemas
2015-02-26 21:02 - 2014-06-30 18:43 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Skype
2015-02-26 02:10 - 2014-09-24 22:05 - 00000000 ____D () C:\Users\GoodEnd\Documents\Outlook Files
2015-02-26 00:37 - 2014-02-25 17:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Deployment
2015-02-26 00:37 - 2014-02-25 17:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Apps\2.0
2015-02-26 00:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\addins
2015-02-25 23:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Registration
2015-02-25 12:23 - 2014-02-26 15:57 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Citrix
2015-02-24 05:53 - 2014-02-25 14:44 - 00000000 ____D () C:\Windows\softwaredistribution.bak
2015-02-24 05:12 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2015-02-24 02:52 - 2014-08-10 10:14 - 00002222 _____ () C:\Windows\diagwrn.xml
2015-02-24 02:52 - 2014-08-10 10:14 - 00001908 _____ () C:\Windows\diagerr.xml
2015-02-23 05:47 - 2014-02-25 14:50 - 00000000 ____D () C:\Users\GoodEnd
2015-02-22 17:53 - 2014-09-16 15:51 - 00000000 ____D () C:\MyWget
2015-02-20 12:27 - 2014-12-16 08:55 - 00000000 ____D () C:\Users\GoodEnd\vpworkspace40
2015-02-20 03:02 - 2014-11-11 23:11 - 00328192 ___SH () C:\Users\GoodEnd\Documents\Thumbs.db
2015-02-20 01:06 - 2014-11-26 00:12 - 00000000 ____D () C:\Users\GoodEnd\Documents\VPProjects
2015-02-19 22:57 - 2014-11-26 00:11 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\VisualParadigm
2015-02-17 08:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-15 04:20 - 2014-11-17 23:36 - 00000000 ____D () C:\Windows\rescache
2015-02-14 00:06 - 2014-04-25 14:49 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\IE Tab
2015-02-13 23:31 - 2014-08-20 20:05 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-13 23:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2015-02-13 23:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-11 18:43 - 2014-11-07 11:50 - 00000000 ____D () C:\Users\GoodEnd\Downloads\NTAKD specifikacija
2015-02-11 18:38 - 2014-12-16 08:52 - 00000000 ____D () C:\Program Files (x86)\VP Suite 5.0
2015-02-11 18:38 - 2014-12-16 08:14 - 00000133 _____ () C:\Users\GoodEnd\.vpinstall.properties
2015-02-11 11:24 - 2014-02-26 04:30 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 11:23 - 2014-02-26 07:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 11:23 - 2012-07-26 07:26 - 00000269 _____ () C:\Windows\win.ini
2015-02-11 11:20 - 2014-02-26 00:44 - 00000000 ____D () C:\Windows\system32\MRT
 
==================== Files in the root of some directories =======
 
2015-02-24 06:57 - 2015-02-24 06:57 - 0212796 _____ () C:\Users\GoodEnd\AppData\Local\ars.cache
2015-02-24 06:58 - 2015-02-24 06:58 - 0470315 _____ () C:\Users\GoodEnd\AppData\Local\census.cache
2015-02-24 06:38 - 2015-02-24 06:38 - 0000036 _____ () C:\Users\GoodEnd\AppData\Local\housecall.guid.cache
2014-04-16 13:34 - 2014-04-16 13:34 - 0000728 _____ () C:\Users\GoodEnd\AppData\Local\recently-used.xbel
2014-08-16 20:14 - 2015-03-03 05:35 - 0007613 _____ () C:\Users\GoodEnd\AppData\Local\Resmon.ResmonCfg
2015-02-24 06:48 - 2015-02-24 18:58 - 0000010 _____ () C:\Users\GoodEnd\AppData\Local\sponge.last.runtime.cache
2014-12-22 08:07 - 2014-12-22 12:46 - 0620099 _____ () C:\Users\GoodEnd\AppData\Local\TempImage.png
2015-03-07 19:01 - 2015-03-07 19:01 - 0031744 ___SH () C:\Users\GoodEnd\AppData\Local\Thumbs.db
2015-03-03 10:23 - 2015-03-03 10:23 - 0199300 _____ () C:\ProgramData\1425370791.bdinstall.bin
 
Files to move or delete:
====================
C:\Users\GoodEnd\pdfeditor.dat
 
 
Some content of TEMP:
====================
C:\Users\GoodEnd\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-05 05:01
 
==================== End Of Log ============================

**************************************

Addition.txt

**************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by GoodEnd at 2015-03-08 11:08:09
Running from C:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.908.1803 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AutoHotkey 1.1.16.05 (HKLM\...\AutoHotkey) (Version: 1.1.16.05 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bluefish 2.2.5 (HKLM-x32\...\Bluefish) (Version: 2.2.5 - The Bluefish Developers)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
ccc-core-static (x32 Version: 2007.0414.2243.38770 - ATI) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Classic Menu for Office Enterprise 2010 and 2013 v5.55 (HKLM\...\{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1) (Version: 5.55 - Addintools)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation)
Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Diigo Single Button (HKLM-x32\...\{244B887F-5A23-4C4D-9495-0D34D185152C}) (Version: 1.0.0 - Diigo.inc)
Dropbox (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
FSS Google Books Downloader version 1.4.5.7 (HKLM-x32\...\FSS Google Books Downloader_is1) (Version: 1.4.5.7 - FreeSmartSoft Ltd.)
FSS Google Maps Downloader version 1.0.5.6 (HKLM-x32\...\FSS Google Maps Downloader_is1) (Version: 1.0.5.6 - FreeSmartSoft Ltd.)
GBLight (HKLM-x32\...\GBLight3.0) (Version: 3.0 - Guided Brainstorming LLC)
GBLightSp (HKLM-x32\...\{557B3F65-15F8-4CCA-8098-AD731AB6DAC4}) (Version: 3.0.0 - Guided Brainstorming LLC)
GBPro (HKLM-x32\...\GBPro3.0) (Version: 3.0 - Guided Brainstorming LLC)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Chrome (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google Web Designer (HKLM-x32\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.1.4.0 - Google Inc.)
HP Support Solutions Framework (HKLM-x32\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company)
IDEF0 Editor 2.0 (HKLM-x32\...\IDEF0 Editor 2.0) (Version:  - )
yEd Graph Editor 3.13 (HKLM\...\3309-7404-0599-8908) (Version: 3.13 - yWorks GmbH)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.03.16101 - Sony Corporation)
iMapping Tool Free (HKLM\...\{739A7657-1D9C-47A9-94F3-E0A501A8B6BD}) (Version: 1.0 - Dr. Heiko Haller, www.imapping.info)
import.io (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\{95981586-8D7F-49E9-9C7F-3AA704641471}_is1) (Version: 0.1 - import.io)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.0.1.683 - Kakao)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Expression Design 4 (HKLM-x32\...\Design_8.0.31217.1) (Version: 8.0.31217.1 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2010 (HKLM\...\Office14.PROOFKIT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0a1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Network Recording Player (HKLM-x32\...\{EA7547D9-708C-4496-BF2D-8623FB3C4F13}) (Version: 29.8.2.10049 - Cisco WebEx LLC)
Nightly 39.0a1 (x64 en-US) (HKLM\...\Nightly 39.0a1 (x64 en-US)) (Version: 39.0a1 - Mozilla)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5922 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5922 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Optimum version 14.0.0.146 (HKLM-x32\...\Optimum_is1) (Version: 14.0.0.146 - Optimum Systems)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Info 2.02 (HKLM-x32\...\PDF Info_is1) (Version:  - Bureausoft Corporation)
PDF Password Remover v3.1 (HKLM-x32\...\PDF Password Remover v3.1_is1) (Version:  - VeryPDF.com Inc)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Programmer's Notepad (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.3.4.2350 - Simon Steele)
ProjectLibre (HKLM-x32\...\{0615141F-66B8-4861-9723-BF0CDBF29328}) (Version: 1.5.18.0 - ProjectLibre)
RICOH Media Driver ver.2.11.01.02 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.11.01.02 - RICOH)
Semantic IDE version 1.0.2.5 (HKLM-x32\...\{0C065F81-9A21-4E9C-8A78-C60DB683676A}_is1) (Version: 1.0.2.5 - Semantic Technology Company Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-004B-0000-1000-0000000FF1CE}_Office14.PROOFKIT_{F2D64AA9-2EE6-423B-AD9E-B0780FA11F0A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skins (x32 Version: 2007.0414.2243.38770 - ATI) Hidden
Southbeach Modeller (HKLM-x32\...\Southbeach Modeller) (Version: 3.0.0.2 - Southbeach Solutions Ltd)
Swiftlight (HKLM-x32\...\Swiftlight) (Version:  - Torridon Solutions)
Swiftlight (x32 Version: 1.0 - Torridon Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teleport VLX (HKLM-x32\...\Teleport VLX) (Version: 1.59 - Tennyson Maxwell Information Systems, Inc.)
VeryPDF PDF Editor v4.1 (HKLM-x32\...\VeryPDF PDF Editor v4.1_is1) (Version:  - VeryPDF.com, Inc.)
visViewer (HKLM\...\{08593FD5-57C1-4ED1-B6D6-B63B3E785500}) (Version: 3.0.2 - bVisual)
VP Suite 5.0 (HKLM-x32\...\VP Suite 5.0) (Version:  - Visual Paradigm International Ltd.)
Web Companion (HKLM-x32\...\{AB75B78F-CFFA-4027-A8DC-94357F2F77EE}_WebCompanion) (Version: 1.1.908.1803 - Lavasoft)
WhiteStarUML (HKLM-x32\...\WhiteStarUML) (Version:  - Janusz Szpilewski)
WhiteStarUML (x32 Version: 5.5.8 - Janusz Szpilewski) Hidden
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XMind 1.0Beta (HKLM-x32\...\XMind Project_is1) (Version: 1.0Beta - NGLogic)
XMind 6 (v3.5.1) (HKLM-x32\...\XMind_is1) (Version: 3.5.1.201411201906 - XMind Ltd.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> E:\PA\PortableApps\DropboxPortableAHK1682beta\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
28-02-2015 23:32:56 Scheduled Checkpoint
05-03-2015 04:44:33 AA11
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2015-02-25 12:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A8633C2-B8ED-4266-B94D-26F027AD98A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {11E88EC8-26DA-45B3-BD9F-3E7399C74EF1} - System32\Tasks\BASIC TASK daily routine => C:\Users\GoodEnd\Documents\daily.txt [2015-02-20] ()
Task: {19C919EB-DD7F-4794-BB8F-164DFCB24C51} - System32\Tasks\{E56DEC2B-5807-4F1C-930C-18F3FD91953C} => pcalua.exe -a C:\Users\GoodEnd\AppData\Local\Apps\2.0\9D5OY6BR.XVD\1HAYT0X8.MXX\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\Uninstaller.exe -c uninstall
Task: {3F74D098-B98C-4ED2-81BE-35C73BAC6E29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {4FA8E328-8F5F-452D-BFB7-B065A024653A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {5302DF3D-3FB6-4EF0-848C-6C6B4EA6D789} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-29] (Microsoft Corporation)
Task: {574FAC6D-80B2-44BE-AD83-89BEFB0B6960} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {79AE7CAC-FCE5-4A06-BFFA-8180636780F2} - System32\Tasks\startupcleantemp => C:\batW8\startupcleantemp.bat [2015-02-23] ()
Task: {7A90580F-0FCB-4695-B42D-39E0ADFDA4AC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8BDFEED8-8CAB-40F9-BA8B-C79E3C139516} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BAC3C4DE-A531-4160-907A-9FAF1A1330F1} - System32\Tasks\BASICTASKAZ periodicaly clean temp => C:\batW8\scheduled_clean_temp.bat [2015-03-08] ()
Task: {C713206A-AF3B-4606-80A0-BCB8BBDF4877} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {CEB1EF51-A3F6-42CD-A2F9-9ECAED91D355} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-19] (AVAST Software)
Task: {F075DF7A-1BE6-4217-A7B1-F5095579436E} - System32\Tasks\visit-daily-inventship bat => E:\PA\PortableApps\AutoHotKey\visit-daily-inventship.bat [2014-10-30] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core.job => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA.job => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-03-03 10:21 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-03-03 10:21 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-11-03 04:24 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-01 16:13 - 2014-05-01 16:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-03-02 18:00 - 2015-03-02 18:00 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-11-19 13:23 - 2014-11-19 13:23 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-19 13:23 - 2014-11-19 13:23 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02757456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll
2014-08-29 21:57 - 2012-09-05 11:51 - 00686744 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00286720 _____ () E:\PA\PortableApps\launchy\launchy.exe
2012-03-29 14:56 - 2012-03-29 14:56 - 00089944 _____ () E:\PA\PortableApps\ListaryPortable\App\Listary\X64\CrashRpt1300.dll
2012-05-08 08:50 - 2012-05-08 08:50 - 00047960 _____ () E:\PA\PortableApps\ListaryPortable\App\Listary\X64\Listary32helper.exe
2015-03-07 12:16 - 2015-03-07 12:16 - 02919424 _____ () C:\Program Files\AVAST Software\Avast\defs\15030700\algo.dll
2014-11-19 13:23 - 2014-11-19 13:23 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-03-07 23:52 - 2015-03-07 23:52 - 02919424 _____ () C:\Program Files\AVAST Software\Avast\defs\15030701\algo.dll
2014-05-01 16:15 - 2014-05-01 16:15 - 00463360 _____ () C:\ProgramData\MEGAsync\ShellExtX32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00072512 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-03-02 18:00 - 2015-03-02 18:00 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-03-02 18:00 - 2015-03-02 18:00 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-03-02 18:01 - 2015-03-02 18:01 - 00069960 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-03-02 18:00 - 2015-03-02 18:00 - 00039256 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2014-11-19 13:24 - 2014-11-19 13:24 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-12-26 17:20 - 2008-05-24 12:31 - 07061504 _____ () E:\PA\PortableApps\launchy\QtGui4.dll
2011-12-26 17:20 - 2008-05-24 12:20 - 00561152 _____ () E:\PA\PortableApps\launchy\QtNetwork4.dll
2011-12-26 17:20 - 2008-05-24 12:19 - 01961984 _____ () E:\PA\PortableApps\launchy\QtCore4.dll
2011-12-26 17:20 - 2008-08-05 19:15 - 00053248 _____ () E:\PA\PortableApps\launchy\platform_win.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00061440 _____ () E:\PA\PortableApps\launchy\plugins\calcy.dll
2011-12-26 17:20 - 2008-08-05 19:15 - 00021504 _____ () E:\PA\PortableApps\launchy\plugins\gcalc.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00069632 _____ () E:\PA\PortableApps\launchy\plugins\runner.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00098304 _____ () E:\PA\PortableApps\launchy\plugins\weby.dll
2015-03-08 00:15 - 2015-03-08 00:15 - 00011264 _____ () C:\Users\GoodEnd\AppData\Local\Temp\nsxDC89.tmp\System.dll
2015-03-08 00:15 - 2015-03-08 00:15 - 00121344 _____ () C:\Users\GoodEnd\AppData\Local\Temp\nsxDC89.tmp\xml.dll
2015-03-08 10:54 - 2015-03-08 10:54 - 00029696 _____ () C:\Users\GoodEnd\AppData\Local\Temp\nsd706F.tmp\registry.dll
2015-03-08 10:54 - 2015-03-08 10:54 - 00011264 _____ () C:\Users\GoodEnd\AppData\Local\Temp\nsd706F.tmp\System.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 208.67.222.222 - 208.67.220.220
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\StartupFolder: => "TheBrain.lnk"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "StartCCC"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "KakaoTalk"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-523973353-2006286681-1537153563-500 - Administrator - Disabled)
GoodEnd (S-1-5-21-523973353-2006286681-1537153563-1001 - Administrator - Enabled) => C:\Users\GoodEnd
Guest (S-1-5-21-523973353-2006286681-1537153563-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-523973353-2006286681-1537153563-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Usbccid Smartcard Reader (WUDF)
Description: Microsoft Usbccid Smartcard Reader (WUDF)
Class Guid: {50dd5230-ba8a-11d1-bf5d-0000f805f530}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/08/2015 10:36:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 7.3.2015.1, time stamp: 0x54fb09c6
Faulting module name: FRST64.exe, version: 7.3.2015.1, time stamp: 0x54fb09c6
Exception code: 0xc0000005
Fault offset: 0x0000000000024a1a
Faulting process id: 0x2500
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
Faulting package full name: FRST64.exe4
Faulting package-relative application ID: FRST64.exe5
 
Error: (03/07/2015 07:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 7.3.2015.1, time stamp: 0x54fb09c6
Faulting module name: FRST64.exe, version: 7.3.2015.1, time stamp: 0x54fb09c6
Exception code: 0xc0000005
Fault offset: 0x0000000000024a00
Faulting process id: 0x1be0
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
Faulting package full name: FRST64.exe4
Faulting package-relative application ID: FRST64.exe5
 
Error: (03/06/2015 05:58:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2015 05:44:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Activation of app Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2015 01:58:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Activation of app Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2015 05:24:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: SHELL32.dll, version: 6.2.9200.17150, time stamp: 0x5438a12b
Exception code: 0xc000041d
Fault offset: 0x00000000000b57ce
Faulting process id: 0x2598
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (03/06/2015 05:24:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: SHELL32.dll, version: 6.2.9200.17150, time stamp: 0x5438a12b
Exception code: 0xc0000005
Fault offset: 0x00000000000b57ce
Faulting process id: 0x2598
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
 
System errors:
=============
Error: (03/07/2015 07:54:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1058
 
Error: (03/07/2015 07:50:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error: 
%%1053
 
Error: (03/07/2015 07:50:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
 
Error: (03/07/2015 07:48:59 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (03/07/2015 07:48:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error: 
%%109
 
Error: (03/07/2015 07:48:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/07/2015 07:48:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/07/2015 07:48:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/07/2015 07:48:10 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (03/07/2015 07:48:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (03/08/2015 10:36:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe7.3.2015.154fb09c6FRST64.exe7.3.2015.154fb09c6c00000050000000000024a1a250001d0597a82af7b8aC:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool\FRST64.exeC:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool\FRST64.exe3269007d-c56e-11e4-bf0b-5c260a06833a
 
Error: (03/07/2015 07:31:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST64.exe7.3.2015.154fb09c6FRST64.exe7.3.2015.154fb09c6c00000050000000000024a001be001d058fc9c6238a3C:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool\FRST64.exeC:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool\FRST64.exedb720515-c4ef-11e4-bf0a-5c260a06833a
 
Error: (03/06/2015 05:58:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927142
 
Error: (03/06/2015 05:44:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927142
 
Error: (03/06/2015 01:58:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: goodend-delaz)
Description: Microsoft.BingWeather_8wekyb3d8bbwe!App-2144927142
 
Error: (03/06/2015 05:24:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434SHELL32.dll6.2.9200.171505438a12bc000041d00000000000b57ce259801d057bcfd031ff9C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dll5e2aba27-c3b0-11e4-bf08-5c260a06833a
 
Error: (03/06/2015 05:24:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434SHELL32.dll6.2.9200.171505438a12bc000000500000000000b57ce259801d057bcfd031ff9C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dll5c57e583-c3b0-11e4-bf08-5c260a06833a
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-25 12:13:41.017
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-25 12:13:40.923
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-25 10:08:46.423
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-25 10:08:46.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-24 21:37:03.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-24 21:37:03.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-24 19:03:19.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PA\PortableApps\SysinternalsSuite 20150129\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-24 04:59:41.839
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 48%
Total physical RAM: 8053.83 MB
Available physical RAM: 4110.9 MB
Total Pagefile: 12917.83 MB
Available Pagefile: 8029.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (W8) (Fixed) (Total:116 GB) (Free:43.71 GB) NTFS
Drive d: () (Fixed) (Total:146.48 GB) (Free:17.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DataVolume) (Fixed) (Total:156.72 GB) (Free:12.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8AD8D52D)
Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=156.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=46.6 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#7 nasdaq

Posted 10 March 2015 - 09:51 AM

Looking good.

Any remaining issues?

#8 goodend

Posted 15 March 2015 - 05:02 AM

not good

 

this (last) week I was using Google Chrome Portable (i.e. not using Firefox portable) but malware started 2 times creating folders & files Temp1_ * .zip in appdata/local/temp - so I had to reboot to continue my work

 

next week I'll try to understand what invokes this behavior and generate new FRST logs



#9 nasdaq

Posted 15 March 2015 - 08:25 AM

Topics that I just found with similar issues - Hope it helps.
http://www.bleepingcomputer.com/forums/t/275095/internet-search-hijacker/

http://processchecker.com/file/FastIn2k.exe.html

My Google link search:
https://www.google.com/search?as_q=&as_epq=+appdata%2Flocal%2Ftemp%5CTemp1_&as_oq=&as_eq=&as_nlo=&as_nhi=&lr=&cr=&as_qdr=all&as_sitesearch=&as_occt=any&safe=images&tbs=&as_filetype=&as_rights=&gws_rd=ssl#q=%22+appdata/local/temp%5CTemp1_%22&as_qdr=all&start=0

p.s.
You have many Chrome extensions that I'm not aware of.
Disable half of them and if the problem persists enable them and disable all the others.
You may be able to find the culprit.

#11 goodend

Posted 16 March 2015 - 11:15 AM

today malware started after fresh reboot, without browser, just after Word. Here are FRST logs:

 

*********************************************

FRST.txt

*********************************************

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by GoodEnd (administrator) on GOODEND-DELAZ on 16-03-2015 07:05:34

Running from C:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool

Loaded Profiles: GoodEnd (Available profiles: GoodEnd & Guest)

Platform: Windows 8 Pro (X64) OS Language: English (United States)

Internet Explorer Version 10 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe

(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(PortableApps.com) E:\PA\PortableApps\PortableApps.com\PortableAppsPlatform.exe

() E:\PA\PortableApps\Launchy\Launchy.exe

(PortableApps.com) E:\PA\PortableApps\ListaryPortable\ListaryPortable.exe

(Bopsoft) E:\PA\PortableApps\ListaryPortable\App\Listary\X64\Listary.exe

() E:\PA\PortableApps\ListaryPortable\App\Listary\X64\Listary32helper.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)

HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4791024 2013-07-17] (Intel® Corporation)

HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686744 2012-09-05] ()

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-04] (NVIDIA Corporation)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [] => [X]

HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe [8947008 2014-12-18] ()

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-09-16] (Intel Corporation)

HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [5564104 2014-09-05] (Kakao Inc.)

HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)

HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1303872 2015-03-12] (Lavasoft)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll ()

BootExecute: ampa

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-523973353-2006286681-1537153563-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-11-19] (AVAST Software)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-11-19] (AVAST Software)

BHO-x32: Diigo Single Button Helper -> {B3BA3FC4-8D87-4B89-B2B1-7BEE62D1D324} -> C:\Program Files (x86)\Diigo.inc\Diigo Single Button\DiigoSingleButton.dll [2013-03-20] (Diigo.inc)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)

Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)

Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)

Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)

Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [325944] (Lavasoft Limited)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)

Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)

Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)

Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)

Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [372248] (Lavasoft Limited)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{50B1214A-DFB3-4B11-AED1-58731002F4A1}: [NameServer] 8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{D101DAE4-B7C3-4BF5-91B2-8A7F85D09999}: [NameServer] 208.67.222.222,208.67.220.220

FireFox:

========

FF ProfilePath: C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-14] ()

FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2010-07-31] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2010-07-31] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @citrixonline.com/appdetectorplugin -> C:\Users\GoodEnd\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-26] (Citrix Online)

FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\GoodEnd\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)

FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @talk.google.com/O1DPlugin -> C:\Users\GoodEnd\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)

FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @tools.google.com/Google Update;version=3 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)

FF Plugin HKU\S-1-5-21-523973353-2006286681-1537153563-1001: @tools.google.com/Google Update;version=9 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-09-25] (Cisco WebEx LLC)

FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\GoodEnd\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)

FF Extension: Customize Your Web - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\customizeyourweb@mouseless.de [2014-12-13]

FF Extension: DevSearch - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\devsearch@penzil.com [2014-12-13]

FF Extension: DOM Inspector Plus! [dm] - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\inspector-dp@mozilla.org [2015-03-04]

FF Extension: DOM Inspector - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\inspector@mozilla.org [2014-12-16]

FF Extension: Tab Groups Helper - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabgroupshelper@kevinallasso.org [2015-01-25]

FF Extension: TableTools2 - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabletools2@mingyi.org [2014-12-13]

FF Extension: Liquid Words - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{9A752782-D706-479b-98F8-3F66BF921692} [2014-12-13]

FF Extension: Diigo Toolbar - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} [2014-08-19]

FF Extension: Autofill Forms - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\autofillForms@blueimp.net.xpi [2014-12-12]

FF Extension: Firebug - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\firebug@software.joehewitt.com.xpi [2014-12-13]

FF Extension: Firefinder for Firebug - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\firefinder@robertnyman.com.xpi [2014-12-13]

FF Extension: FirePath - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\FireXPath@pierre.tholence.com.xpi [2014-12-13]

FF Extension: HeadingsMap - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\headings@niquelheadings.net.xpi [2014-12-13]

FF Extension: ProxTube - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\ich@maltegoetz.de.xpi [2014-12-15]

FF Extension: Google search link fix - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2014-12-15]

FF Extension: Lightbeam - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2014-12-11]

FF Extension: Official My JDownloader Add-On - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2014-09-04]

FF Extension: Tab Counter - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\tabcounter@morac.xpi [2015-02-12]

FF Extension: UploadScreenshot.com Capture - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\uss-button@uploadscreenshot.com.xpi [2014-12-11]

FF Extension: xpath finder - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\xpath_finder@xpath_finder.com.xpi [2014-12-13]

FF Extension: Resurrect Pages - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi [2014-12-13]

FF Extension: Clean Links - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi [2014-12-15]

FF Extension: xpathprototyping - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{15b08099-6b77-43bc-8e70-69b85eeef09d}.xpi [2014-12-13]

FF Extension: XmlUtils - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{2fb6bf28-e829-4804-ab69-3bdb7d5fa997}.xpi [2014-12-13]

FF Extension: LinkWalker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{398BEB7C-752C-4378-87EA-D775CE1FD9B9}.xpi [2014-12-13]

FF Extension: XPath Checker - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{7eb3f691-25b4-4a85-9038-9e57e2bcd537}.xpi [2014-12-13]

FF Extension: QuickTime Plugin - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{85c379fe-b97f-4ae6-88f9-4086c494b77e}.xpi [2014-12-21]

FF Extension: Adblock Plus - C:\Users\GoodEnd\AppData\Roaming\Mozilla\Firefox\Profiles\bbt4xuxm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-15]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-09]

StartMenuInternet: FIREFOX.EXE - C:\Program Files\MozillaFFNightly\firefox.exe

Chrome: 

=======

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Profile: C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Bitford) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\agjcpjkkccmhfopfciohkkfolnjbbdoh [2014-09-04]

CHR Extension: (Regex Scraper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjalgjglcdpomokfhgcmononebebioc [2014-03-17]

CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-07-29]

CHR Extension: (TooManyTabs for Chrome) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-03-21]

CHR Extension: (Google Docs) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-06]

CHR Extension: (Google Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-06]

CHR Extension: (CSS Selector Tester) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbklnaodgoocmcdejoalmbjihhdkbfon [2014-09-04]

CHR Extension: (Table2CSV) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjpegmibcoolkaoloohgjcagfhifiah [2014-03-21]

CHR Extension: (Warehouse) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdmlfjedmpigingginfielgaemionchf [2014-03-17]

CHR Extension: (Designer Tools) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\begphfmcgdepfkoofbpkfcnimdeocadd [2014-09-04]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]

CHR Extension: (Web Developer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-09-04]

CHR Extension: (ColorZilla) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2014-09-04]

CHR Extension: (Cloud Kite) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\biagdapeolcddppdgcocjkdjfhlodegf [2014-09-04]

CHR Extension: (MEGA) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-05-12]

CHR Extension: (YouTube) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-06]

CHR Extension: (Strict Workflow) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2014-03-21]

CHR Extension: (Maestro BPM) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\chldapjgnddmiimikjihplihdggkmhmm [2014-09-04]

CHR Extension: (OneTab) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-09-04]

CHR Extension: (Adblock for Youtube™) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2014-09-04]

CHR Extension: (RegExp Tester App) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmmblmkfaijaadfjapjddbeaoffeccib [2014-03-17]

CHR Extension: (Google Search) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-06]

CHR Extension: (Snip to drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfklphbiceofdlbejbgglhdgdajliphg [2014-03-21]

CHR Extension: (Remove Google Redirection) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnhjklgpiifbofihffldllbcopkinlod [2014-11-18]

CHR Extension: (Session Buddy) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2014-09-04]

CHR Extension: (Table-of-contents-crx) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeknhipceeelbgdbcmchicoaoalfdnhi [2014-03-21]

CHR Extension: (XV — XML Viewer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeocglpgjdpaefaedpblffpeebgmgddk [2014-03-17]

CHR Extension: (Tabs Outliner) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggkanocgddhmamlbiijnphhppkpkmkl [2014-03-21]

CHR Extension: (Morphine) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2014-03-21]

CHR Extension: (Page Code Reverser) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\feobacmbekoonbggodgigfopfnfiggdn [2014-03-21]

CHR Extension: (XML Tree) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbammbheopgpmaagmckhpjbfgdfkpadb [2014-03-21]

CHR Extension: (KustomNote) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbhnopbeccehmeofkcegmekomjhdenp [2014-09-04]

CHR Extension: (Save to Google Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-03-21]

CHR Extension: (Show Frame) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcmgcfdnagjkihmgjhbiombjdcgckgnb [2014-11-23]

CHR Extension: (IE Tab) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2014-06-26]

CHR Extension: (Post to WordPress) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej [2014-09-04]

CHR Extension: (Google Keep - notes and lists) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-03-17]

CHR Extension: (Cool Clock) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\icegcmhgphfkgglbljbkdegiaaihifce [2014-03-21]

CHR Extension: (Table Capture) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebpjdmgckacbodjpijphcplhebcmeop [2014-03-17]

CHR Extension: (ProxMate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifalmiidchkjjmkkbkoaibpmoeichmki [2014-11-24]

CHR Extension: (Save this page with CleanSave) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplagehfoafmmjppeijnpkohihcllici [2014-09-04]

CHR Extension: (WordPress Plugin Sniffer) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdmbobghippoogeagbcimaolcfbjoihk [2014-09-04]

CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2014-09-04]

CHR Extension: (Web Scraper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2014-03-17]

CHR Extension: (Open Frame) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhjgkkaacdhdioocfbpmhjidbinfajj [2014-11-23]

CHR Extension: (table to csv) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\khobgoemenoleeedfbilehnpoelmkbko [2014-03-17]

CHR Extension: (Mohiomap) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikkonmkmijjlbenemmnoakjmniihppj [2014-09-04]

CHR Extension: (Diigo Web) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf [2014-03-17]

CHR Extension: (The Great Suspender) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2014-03-17]

CHR Extension: (Auto HD For YouTube™) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2014-09-04]

CHR Extension: (Business Process Simulator) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lagcfcefblfnmjkkkdekiidfefhgodmk [2014-09-04]

CHR Extension: (XPath) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbghbpofdlcecfbpjgmffnkieenjkboi [2014-09-04]

CHR Extension: (Text compare, Diff Tools for Drive) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkcdojpmjehlniamnglpjlldkoonlomb [2014-09-04]

CHR Extension: (rigrr) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkefodmoklnelkhifkakjlgncijfnnf [2014-03-21]

CHR Extension: (Quick Note) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2014-03-21]

CHR Extension: (GetThemAll Downloader) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2014-09-04]

CHR Extension: (Moqups · Mockups, Wireframes & Prototyping) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfbhphohgafllkjnakmdppmmkjfbnke [2014-09-04]

CHR Extension: (Google Wallet) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-06]

CHR Extension: (DataMiner) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nndknepjnldbdbepjfgmncbggmopgden [2014-03-21]

CHR Extension: (Mural.ly) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnhlnnalackljjehlfocmheepffkiihf [2014-09-04]

CHR Extension: (CCTV View) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj [2014-03-17]

CHR Extension: (ColorPick Eyedropper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohcpnigalekghcmgcdcenkpelffpdolg [2014-09-04]

CHR Extension: (Diigo Web Collector - Capture and Annotate) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole [2014-07-29]

CHR Extension: (Pomodoro) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\opodpodbjdmaealpookfkofenoboahfe [2014-03-21]

CHR Extension: (4chan Plus) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinelipedelckihohgdlpcclgocodhjj [2014-09-04]

CHR Extension: (Evernote Web Clipper) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-09-04]

CHR Extension: (Gmail) - C:\Users\GoodEnd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-19] (AVAST Software)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-19] (Avast Software)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-04] (NVIDIA Corporation)

R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)

R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [713568 2014-12-18] ()

R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.3.0\LavasoftTcpService.exe [836984 2015-03-02] (Lavasoft Limited)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()

R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-04] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-04] (NVIDIA Corporation)

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]

R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17768 2015-03-12] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] ()

S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] ()

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-19] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-19] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-19] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-19] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-19] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-19] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-19] ()

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)

R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)

R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)

S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)

R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)

R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2013-02-20] (Intel Corporation)

R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-14] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-04] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)

S3 PORTMON; E:\PA\PortableApps\SysinternalsSuite 20150129\PORTMSYS.SYS [28656 2015-02-24] (Systems Internals) [File not signed]

U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [37624 2015-03-08] ()

R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-19] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 11:30 - 2015-03-15 11:30 - 00000000 ____D () C:\N++RECOV

2015-03-13 12:30 - 2015-03-13 12:30 - 00448784 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-12 00:21 - 2014-04-16 13:34 - 00000728 _____ () C:\Users\GoodEnd\AppData\Local\recently-used.xbel

2015-03-11 13:56 - 2015-02-23 12:52 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-11 13:56 - 2015-02-23 12:52 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-11 13:56 - 2015-02-23 12:51 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-11 13:56 - 2015-02-23 12:51 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2015-03-11 13:56 - 2015-02-23 12:51 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-11 13:56 - 2015-02-23 12:51 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-11 13:56 - 2015-02-23 12:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 19301888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 15410688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-11 13:56 - 2015-02-23 12:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-11 13:56 - 2015-02-23 12:49 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-11 13:56 - 2015-02-23 11:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-11 13:56 - 2015-02-23 11:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll

2015-03-11 13:56 - 2015-02-23 10:51 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-03-11 13:56 - 2015-02-21 07:31 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-03-11 13:56 - 2015-02-21 07:31 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-03-11 13:56 - 2015-02-21 07:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-03-11 13:56 - 2015-02-21 07:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 14380544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 13768704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 00737280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-03-11 13:56 - 2015-02-21 07:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-03-11 13:56 - 2015-02-21 07:29 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-03-11 13:56 - 2015-02-21 07:29 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-03-11 13:56 - 2015-02-21 07:29 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-03-11 13:56 - 2015-02-21 07:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-03-11 13:56 - 2015-02-21 07:07 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll

2015-03-11 13:56 - 2015-02-21 06:42 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-03-11 13:56 - 2015-02-21 05:00 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2015-03-11 13:55 - 2015-01-24 08:42 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-11 13:55 - 2015-01-24 07:00 - 00243712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-11 13:54 - 2015-03-06 09:39 - 00588800 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll

2015-03-11 13:54 - 2015-03-06 09:39 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-11 13:54 - 2015-03-06 07:48 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll

2015-03-11 13:54 - 2015-03-06 07:48 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-03-11 13:54 - 2015-02-03 01:18 - 00569712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-11 13:53 - 2015-02-26 06:35 - 04063232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-11 13:53 - 2015-02-20 15:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-11 13:53 - 2015-02-20 13:56 - 00366592 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-11 13:53 - 2015-02-20 10:10 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-11 13:53 - 2015-02-20 09:24 - 00304128 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-11 13:53 - 2015-01-31 15:48 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys

2015-03-11 13:53 - 2015-01-31 07:55 - 00275712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys

2015-03-11 13:53 - 2015-01-29 10:05 - 01627648 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-11 13:53 - 2015-01-29 08:19 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-11 13:53 - 2015-01-24 08:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-11 13:53 - 2015-01-24 07:00 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-11 13:53 - 2015-01-20 08:41 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-11 13:53 - 2015-01-20 07:10 - 00892416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-11 13:52 - 2015-02-17 08:54 - 19777536 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-11 13:52 - 2015-02-17 07:13 - 17561600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-11 13:52 - 2015-01-29 10:45 - 06973248 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-11 13:52 - 2015-01-24 06:31 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2015-03-11 13:51 - 2015-02-13 01:18 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml

2015-03-10 10:05 - 2015-03-10 10:05 - 00000000 ____D () C:\Users\GoodEnd\Desktop\msohtmlclip101

2015-03-10 03:23 - 2015-03-14 19:03 - 00000000 ____D () C:\Program Files\MozillaFFNightly

2015-03-07 19:01 - 2015-03-07 19:01 - 00031744 ___SH () C:\Users\GoodEnd\AppData\Local\Thumbs.db

2015-03-07 18:23 - 2015-03-07 18:23 - 00000837 _____ () C:\Users\GoodEnd\Desktop\_0 DD dirbama dabar - Shortcut.lnk

2015-03-05 08:24 - 2015-03-07 19:34 - 00003876 _____ () C:\Windows\System32\Tasks\BASICTASKAZ periodicaly clean temp

2015-03-05 04:50 - 2015-03-05 04:50 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\LavasoftStatistics

2015-03-05 04:49 - 2015-03-05 04:49 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Lavasoft

2015-03-05 04:49 - 2015-03-05 04:49 - 00000000 ____D () C:\Program Files (x86)\Lavasoft

2015-03-05 04:49 - 2015-03-02 18:02 - 00372248 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll

2015-03-05 04:49 - 2015-03-02 18:02 - 00325944 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll

2015-03-05 04:48 - 2015-03-16 06:27 - 00002283 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

2015-03-05 04:48 - 2015-03-14 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

2015-03-05 04:48 - 2015-03-05 05:50 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Lavasoft

2015-03-05 04:47 - 2015-03-05 04:47 - 00000000 ____D () C:\Program Files\Lavasoft

2015-03-05 04:45 - 2015-03-05 04:45 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft

2015-03-04 10:16 - 2015-03-04 20:33 - 00000000 ____D () C:\AdwCleaner

2015-03-04 09:50 - 2015-03-05 04:48 - 00000000 ____D () C:\ProgramData\Lavasoft

2015-03-03 10:23 - 2015-03-03 10:23 - 00199300 _____ () C:\ProgramData\1425370791.bdinstall.bin

2015-03-03 10:21 - 2015-03-03 10:21 - 00002134 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk

2015-03-03 10:21 - 2015-03-03 10:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf

2015-03-03 10:21 - 2015-03-03 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition

2015-03-03 10:21 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys

2015-03-03 10:21 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys

2015-03-03 10:20 - 2015-03-03 10:21 - 00000000 ____D () C:\Program Files\Bitdefender

2015-03-03 10:20 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys

2015-03-03 10:20 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys

2015-03-03 07:57 - 2015-03-03 22:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48A01207.sys

2015-03-03 05:35 - 2015-03-03 09:22 - 00000000 ____D () C:\KVRT_Data

2015-03-02 12:48 - 2015-03-02 12:49 - 02209668 _____ () C:\Users\GoodEnd\Downloads\wsusoffline952.zip

2015-03-02 10:40 - 2015-03-02 10:40 - 00137205 _____ () C:\Users\GoodEnd\Downloads\Microsoft posts tips for overcoming Windows 8.1 Update KB 2919355 errors _ InfoWorld.html

2015-03-01 16:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-01 09:46 - 2015-03-01 09:47 - 00294392 _____ () C:\Windows\Minidump\030115-45109-01.dmp

2015-03-01 09:46 - 2015-03-01 09:46 - 698376508 _____ () C:\Windows\MEMORY.DMP

2015-02-28 21:29 - 2015-02-28 21:29 - 00002259 _____ () C:\Windows\epplauncher.mif

2015-02-27 16:25 - 2015-03-15 13:56 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\CrashDumps

2015-02-27 15:16 - 2015-02-27 15:16 - 00000000 ____D () C:\ProgramData\Panda Security

2015-02-26 00:53 - 2015-02-26 00:53 - 00000672 _____ () C:\Windows\system32\.crusader

2015-02-26 00:37 - 2015-02-26 00:37 - 00003306 _____ () C:\Windows\System32\Tasks\{E56DEC2B-5807-4F1C-930C-18F3FD91953C}

2015-02-26 00:31 - 2015-02-26 00:53 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-02-26 00:31 - 2015-02-26 00:31 - 00000000 ____D () C:\Program Files\HitmanPro

2015-02-26 00:19 - 2015-02-26 02:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-02-26 00:18 - 2015-02-26 02:09 - 00000000 ____D () C:\Users\GoodEnd\Desktop\mbar

2015-02-25 23:15 - 2015-03-14 19:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-25 23:15 - 2015-02-26 00:19 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-02-25 23:15 - 2015-02-25 23:15 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-25 23:15 - 2015-02-25 23:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-25 23:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-02-25 23:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-02-25 22:10 - 2015-03-08 16:12 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-02-25 22:10 - 2015-02-25 22:10 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-02-25 12:39 - 2015-03-12 14:12 - 00010020 _____ () C:\Windows\PFRO.log

2015-02-25 04:53 - 2015-02-25 04:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-02-25 04:45 - 2015-01-09 01:52 - 00478296 _____ () C:\Windows\SysWOW64\locale.nls

2015-02-25 04:45 - 2015-01-09 01:52 - 00478296 _____ () C:\Windows\system32\locale.nls

2015-02-25 04:44 - 2015-01-09 08:43 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll

2015-02-25 04:44 - 2015-01-09 07:03 - 00601088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll

2015-02-24 07:00 - 2015-02-24 07:00 - 00000000 ____D () C:\ProgramData\F-Secure

2015-02-24 06:58 - 2015-02-24 06:58 - 00470315 _____ () C:\Users\GoodEnd\AppData\Local\census.cache

2015-02-24 06:57 - 2015-02-24 06:57 - 00212796 _____ () C:\Users\GoodEnd\AppData\Local\ars.cache

2015-02-24 06:48 - 2015-02-24 18:58 - 00000010 _____ () C:\Users\GoodEnd\AppData\Local\sponge.last.runtime.cache

2015-02-24 06:38 - 2015-02-24 06:38 - 00000036 _____ () C:\Users\GoodEnd\AppData\Local\housecall.guid.cache

2015-02-24 05:53 - 2015-03-16 06:39 - 01542542 _____ () C:\Windows\WindowsUpdate.log

2015-02-24 04:47 - 2015-03-08 15:07 - 00000000 ____D () C:\Users\GoodEnd\Desktop\_antivirus

2015-02-24 04:47 - 2015-03-01 16:24 - 05612482 ____R (Swearware) C:\Users\GoodEnd\Desktop\ComboFix.exe

2015-02-24 04:19 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-02-24 04:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-02-24 04:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-02-24 04:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-02-24 04:19 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe

2015-02-24 04:19 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2015-02-24 04:19 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2015-02-24 04:19 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2015-02-24 04:17 - 2015-03-01 17:40 - 00000000 ____D () C:\Qoobox

2015-02-24 04:14 - 2015-02-24 05:05 - 00000000 ____D () C:\Windows\erdnt

2015-02-24 03:50 - 2015-03-16 07:05 - 00000000 ____D () C:\FRST

2015-02-24 02:51 - 2015-03-03 10:21 - 00001209 _____ () C:\Windows\setupact.log

2015-02-24 02:51 - 2015-02-24 02:51 - 00000000 _____ () C:\Windows\setuperr.log

2015-02-24 02:41 - 2015-03-07 18:13 - 00003124 _____ () C:\Windows\System32\Tasks\startupcleantemp

2015-02-24 02:38 - 2015-03-03 10:15 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupRem

2015-02-23 06:45 - 2015-02-28 22:27 - 00000000 ____D () C:\Windows\pss

2015-02-22 03:23 - 2015-02-22 03:23 - 00003770 _____ () C:\Users\GoodEnd\Documents\ForceSynchronizeTime.xml

2015-02-22 00:36 - 2015-02-22 00:36 - 00000902 _____ () C:\Users\GoodEnd\Downloads\_codeplex.com - Shortcut.lnk

2015-02-21 17:55 - 2015-02-21 17:59 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_ideas

2015-02-21 01:18 - 2015-02-21 01:18 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_hardware

2015-02-20 05:50 - 2015-02-21 19:09 - 00000197 _____ () C:\Windows\system32\2015-02-20-03-50-41.093-AvastVBoxSVC.exe-4652.log

2015-02-20 04:01 - 2014-04-16 20:20 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll

2015-02-20 04:00 - 2014-04-16 20:20 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll

2015-02-20 03:08 - 2015-02-20 04:00 - 00003408 _____ () C:\Windows\System32\Tasks\BASIC TASK daily routine

2015-02-20 03:02 - 2015-02-20 04:06 - 00000610 _____ () C:\Users\GoodEnd\Documents\daily.txt

2015-02-18 12:25 - 2015-02-18 12:25 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-25-42.081-aswFe.exe-6800.log

2015-02-18 12:21 - 2015-02-18 12:25 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-21-58.095-aswFe.exe-5904.log

2015-02-18 12:21 - 2015-02-18 12:21 - 00000197 _____ () C:\Windows\system32\2015-02-18-10-21-57.074-AvastVBoxSVC.exe-6716.log

2015-02-18 12:14 - 2015-02-18 12:14 - 00000247 _____ () C:\Windows\system32\2015-02-18-10-14-03.077-aswFe.exe-6884.log

2015-02-18 12:14 - 2015-02-18 12:14 - 00000197 _____ () C:\Windows\system32\2015-02-18-10-14-01.051-AvastVBoxSVC.exe-3600.log

2015-02-18 11:59 - 2015-02-18 12:01 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-59-36.088-AvastVBoxSVC.exe-2304.log

2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL

2015-02-15 21:06 - 2015-02-15 21:06 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\www.shadowexplorer.com

2015-02-14 18:50 - 2015-02-14 18:50 - 00000000 ____D () C:\Users\GoodEnd\Documents\MEGAsync

2015-02-14 18:48 - 2015-02-14 18:48 - 00000760 _____ () C:\Users\Public\Desktop\MEGAsync.lnk

2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Mega Limited

2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync

2015-02-14 18:48 - 2015-02-14 18:48 - 00000000 ____D () C:\ProgramData\MEGAsync

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 07:04 - 2014-03-06 13:24 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-16 07:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2015-03-16 06:56 - 2014-03-04 22:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-16 06:52 - 2014-12-04 02:14 - 00000000 ____D () C:\ProgramData\TEMP

2015-03-16 06:52 - 2014-11-03 17:15 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Listary

2015-03-16 06:47 - 2014-03-06 13:24 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-16 06:27 - 2014-08-09 03:35 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-03-16 06:25 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-16 06:15 - 2014-08-16 20:14 - 00007613 _____ () C:\Users\GoodEnd\AppData\Local\Resmon.ResmonCfg

2015-03-16 05:24 - 2014-02-27 13:51 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA.job

2015-03-15 17:24 - 2014-02-27 13:51 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core.job

2015-03-15 16:11 - 2014-03-30 15:54 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3A9EC9E2-1ACB-42F3-A8C9-A4E462E25A3F}

2015-03-14 19:04 - 2014-03-04 22:38 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-03-14 19:03 - 2014-08-30 23:35 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Adobe

2015-03-14 18:43 - 2014-08-20 19:27 - 00574464 ___SH () C:\Users\GoodEnd\Desktop\Thumbs.db

2015-03-14 16:08 - 2014-08-15 01:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-03-14 15:16 - 2014-02-28 00:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Mozilla

2015-03-13 21:48 - 2014-06-30 18:43 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Skype

2015-03-12 15:05 - 2014-11-17 23:36 - 00000000 ____D () C:\Windows\rescache

2015-03-12 14:21 - 2012-07-26 09:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-12 14:07 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData

2015-03-12 14:07 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-12 14:07 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-03-12 14:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore

2015-03-12 14:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-03-12 14:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender

2015-03-12 14:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2015-03-12 13:57 - 2014-03-09 20:30 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-03-12 00:21 - 2014-02-25 14:50 - 00000000 ____D () C:\Users\GoodEnd

2015-03-11 17:37 - 2014-02-26 07:05 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-11 17:37 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp

2015-03-11 17:37 - 2012-07-26 07:26 - 00000269 _____ () C:\Windows\win.ini

2015-03-11 17:24 - 2014-02-26 00:44 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-11 17:07 - 2014-02-26 00:44 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-10 02:56 - 2014-05-25 15:27 - 00000000 ___RD () C:\Users\GoodEnd\Dropbox

2015-03-10 02:55 - 2014-08-18 17:52 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Dropbox

2015-03-09 08:23 - 2014-04-25 14:49 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\IE Tab

2015-03-09 07:01 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2015-03-09 06:07 - 2014-09-06 16:04 - 00000000 ____D () C:\logs_az

2015-03-08 15:03 - 2014-07-30 00:20 - 00000000 ____D () C:\ProgramData\boost_interprocess

2015-03-07 19:26 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2015-03-07 16:00 - 2014-08-09 03:05 - 00000000 ____D () C:\Dell

2015-03-06 11:32 - 2013-09-27 02:15 - 00000000 ____D () C:\batW8

2015-03-04 23:24 - 2014-12-12 15:23 - 00791496 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-03-04 23:24 - 2014-12-12 15:23 - 00177608 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-03-04 20:51 - 2014-02-25 14:59 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-523973353-2006286681-1537153563-1001

2015-03-03 10:20 - 2014-03-09 05:17 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\QuickScan

2015-03-03 09:23 - 2014-03-04 06:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-03-03 08:51 - 2013-09-22 03:34 - 00000000 ____D () C:\Users\GoodEnd\Downloads\_software

2015-03-01 17:35 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini

2015-03-01 09:46 - 2014-03-17 05:00 - 00000000 ____D () C:\Windows\Minidump

2015-02-27 15:09 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\schemas

2015-02-26 02:10 - 2014-09-24 22:05 - 00000000 ____D () C:\Users\GoodEnd\Documents\Outlook Files

2015-02-26 00:37 - 2014-02-25 17:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Deployment

2015-02-26 00:37 - 2014-02-25 17:00 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Apps\2.0

2015-02-26 00:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\addins

2015-02-25 23:17 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\Registration

2015-02-25 12:23 - 2014-02-26 15:57 - 00000000 ____D () C:\Users\GoodEnd\AppData\Local\Citrix

2015-02-24 05:53 - 2014-02-25 14:44 - 00000000 ____D () C:\Windows\softwaredistribution.bak

2015-02-24 05:12 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default

2015-02-24 02:52 - 2014-08-10 10:14 - 00002222 _____ () C:\Windows\diagwrn.xml

2015-02-24 02:52 - 2014-08-10 10:14 - 00001908 _____ () C:\Windows\diagerr.xml

2015-02-22 17:53 - 2014-09-16 15:51 - 00000000 ____D () C:\MyWget

2015-02-20 12:27 - 2014-12-16 08:55 - 00000000 ____D () C:\Users\GoodEnd\vpworkspace40

2015-02-20 03:02 - 2014-11-11 23:11 - 00328192 ___SH () C:\Users\GoodEnd\Documents\Thumbs.db

2015-02-20 01:06 - 2014-11-26 00:12 - 00000000 ____D () C:\Users\GoodEnd\Documents\VPProjects

2015-02-19 22:57 - 2014-11-26 00:11 - 00000000 ____D () C:\Users\GoodEnd\AppData\Roaming\VisualParadigm

2015-02-17 08:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-02-24 06:57 - 2015-02-24 06:57 - 0212796 _____ () C:\Users\GoodEnd\AppData\Local\ars.cache

2015-02-24 06:58 - 2015-02-24 06:58 - 0470315 _____ () C:\Users\GoodEnd\AppData\Local\census.cache

2015-02-24 06:38 - 2015-02-24 06:38 - 0000036 _____ () C:\Users\GoodEnd\AppData\Local\housecall.guid.cache

2015-03-12 00:21 - 2014-04-16 13:34 - 0000728 _____ () C:\Users\GoodEnd\AppData\Local\recently-used.xbel

2014-08-16 20:14 - 2015-03-16 06:15 - 0007613 _____ () C:\Users\GoodEnd\AppData\Local\Resmon.ResmonCfg

2015-02-24 06:48 - 2015-02-24 18:58 - 0000010 _____ () C:\Users\GoodEnd\AppData\Local\sponge.last.runtime.cache

2014-12-22 08:07 - 2014-12-22 12:46 - 0620099 _____ () C:\Users\GoodEnd\AppData\Local\TempImage.png

2015-03-07 19:01 - 2015-03-07 19:01 - 0031744 ___SH () C:\Users\GoodEnd\AppData\Local\Thumbs.db

2015-03-03 10:23 - 2015-03-03 10:23 - 0199300 _____ () C:\ProgramData\1425370791.bdinstall.bin

Files to move or delete:

====================

C:\Users\GoodEnd\pdfeditor.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-13 03:08

==================== End Of Log ============================

*********************************************

Addition.txt

*********************************************

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by GoodEnd at 2015-03-16 07:08:34
Running from C:\Users\GoodEnd\Desktop\_antivirus\FRST64 Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)
Ad-Aware Antivirus (HKLM\...\{A5C0392D-46A7-4CB3-800B-5794909453BD}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
Ad-Aware Web Companion (x32 Version: 1.1.922.1860 - Lavasoft) Hidden
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AutoHotkey 1.1.16.05 (HKLM\...\AutoHotkey) (Version: 1.1.16.05 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bluefish 2.2.5 (HKLM-x32\...\Bluefish) (Version: 2.2.5 - The Bluefish Developers)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
ccc-core-static (x32 Version: 2007.0414.2243.38770 - ATI) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Classic Menu for Office Enterprise 2010 and 2013 v5.55 (HKLM\...\{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1) (Version: 5.55 - Addintools)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation)
Dell Custom Help (Version: 16.01.1000.0235 - Intel Corporation) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Diigo Single Button (HKLM-x32\...\{244B887F-5A23-4C4D-9495-0D34D185152C}) (Version: 1.0.0 - Diigo.inc)
Dropbox (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
FSS Google Books Downloader version 1.4.5.7 (HKLM-x32\...\FSS Google Books Downloader_is1) (Version: 1.4.5.7 - FreeSmartSoft Ltd.)
FSS Google Maps Downloader version 1.0.5.6 (HKLM-x32\...\FSS Google Maps Downloader_is1) (Version: 1.0.5.6 - FreeSmartSoft Ltd.)
GBLight (HKLM-x32\...\GBLight3.0) (Version: 3.0 - Guided Brainstorming LLC)
GBLightSp (HKLM-x32\...\{557B3F65-15F8-4CCA-8098-AD731AB6DAC4}) (Version: 3.0.0 - Guided Brainstorming LLC)
GBPro (HKLM-x32\...\GBPro3.0) (Version: 3.0 - Guided Brainstorming LLC)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Chrome (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google Web Designer (HKLM-x32\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.1.4.0 - Google Inc.)
HP Support Solutions Framework (HKLM-x32\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company)
IDEF0 Editor 2.0 (HKLM-x32\...\IDEF0 Editor 2.0) (Version:  - )
yEd Graph Editor 3.13 (HKLM\...\3309-7404-0599-8908) (Version: 3.13 - yWorks GmbH)
Image Data Converter (HKLM-x32\...\{87998E4E-6D9C-411B-AAE9-B8523FFE357D}) (Version: 4.2.03.16101 - Sony Corporation)
iMapping Tool Free (HKLM\...\{739A7657-1D9C-47A9-94F3-E0A501A8B6BD}) (Version: 1.0 - Dr. Heiko Haller, www.imapping.info)
import.io (HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\{95981586-8D7F-49E9-9C7F-3AA704641471}_is1) (Version: 0.1 - import.io)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{b6b417a3-1f40-4618-aadd-49628bda7836}) (Version: 16.1.1 - Intel Corporation)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
KakaoTalk (HKLM-x32\...\KakaoTalk) (Version: 2.0.1.683 - Kakao)
LavasoftTcpService (x32 Version: 2.3.3.0 - Lavasoft) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Expression Design 4 (HKLM-x32\...\Design_8.0.31217.1) (Version: 8.0.31217.1 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2010 (HKLM\...\Office14.PROOFKIT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0a1 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Network Recording Player (HKLM-x32\...\{EA7547D9-708C-4496-BF2D-8623FB3C4F13}) (Version: 29.8.2.10049 - Cisco WebEx LLC)
Nightly 39.0a1 (x64 en-US) (HKLM\...\Nightly 39.0a1 (x64 en-US)) (Version: 39.0a1 - Mozilla)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5922 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.5922 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Optimum version 14.0.0.146 (HKLM-x32\...\Optimum_is1) (Version: 14.0.0.146 - Optimum Systems)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Info 2.02 (HKLM-x32\...\PDF Info_is1) (Version:  - Bureausoft Corporation)
PDF Password Remover v3.1 (HKLM-x32\...\PDF Password Remover v3.1_is1) (Version:  - VeryPDF.com Inc)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Programmer's Notepad (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.3.4.2350 - Simon Steele)
ProjectLibre (HKLM-x32\...\{0615141F-66B8-4861-9723-BF0CDBF29328}) (Version: 1.5.18.0 - ProjectLibre)
RICOH Media Driver ver.2.11.01.02 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.11.01.02 - RICOH)
Semantic IDE version 1.0.2.5 (HKLM-x32\...\{0C065F81-9A21-4E9C-8A78-C60DB683676A}_is1) (Version: 1.0.2.5 - Semantic Technology Company Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-004B-0000-1000-0000000FF1CE}_Office14.PROOFKIT_{F2D64AA9-2EE6-423B-AD9E-B0780FA11F0A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skins (x32 Version: 2007.0414.2243.38770 - ATI) Hidden
Southbeach Modeller (HKLM-x32\...\Southbeach Modeller) (Version: 3.0.0.2 - Southbeach Solutions Ltd)
Swiftlight (HKLM-x32\...\Swiftlight) (Version:  - Torridon Solutions)
Swiftlight (x32 Version: 1.0 - Torridon Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teleport VLX (HKLM-x32\...\Teleport VLX) (Version: 1.59 - Tennyson Maxwell Information Systems, Inc.)
VeryPDF PDF Editor v4.1 (HKLM-x32\...\VeryPDF PDF Editor v4.1_is1) (Version:  - VeryPDF.com, Inc.)
visViewer (HKLM\...\{08593FD5-57C1-4ED1-B6D6-B63B3E785500}) (Version: 3.0.2 - bVisual)
VP Suite 5.0 (HKLM-x32\...\VP Suite 5.0) (Version:  - Visual Paradigm International Ltd.)
Web Companion (HKLM-x32\...\{902C3D36-9254-437D-98AC-913B78E60864}_WebCompanion) (Version: 1.1.922.1860 - Lavasoft)
WhiteStarUML (HKLM-x32\...\WhiteStarUML) (Version:  - Janusz Szpilewski)
WhiteStarUML (x32 Version: 5.5.8 - Janusz Szpilewski) Hidden
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
XMind 1.0Beta (HKLM-x32\...\XMind Project_is1) (Version: 1.0Beta - NGLogic)
XMind 6 (v3.5.1) (HKLM-x32\...\XMind_is1) (Version: 3.5.1.201411201906 - XMind Ltd.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> E:\PA\PortableApps\DropboxPortableAHK1682beta\.dbfiles\profile\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\GoodEnd\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-523973353-2006286681-1537153563-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\GoodEnd\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
ATTENTION: System Restore is disabled.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 07:26 - 2015-02-25 12:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A8633C2-B8ED-4266-B94D-26F027AD98A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {11E88EC8-26DA-45B3-BD9F-3E7399C74EF1} - System32\Tasks\BASIC TASK daily routine => C:\Users\GoodEnd\Documents\daily.txt [2015-02-20] ()
Task: {19C919EB-DD7F-4794-BB8F-164DFCB24C51} - System32\Tasks\{E56DEC2B-5807-4F1C-930C-18F3FD91953C} => pcalua.exe -a C:\Users\GoodEnd\AppData\Local\Apps\2.0\9D5OY6BR.XVD\1HAYT0X8.MXX\dell..tion_0f612f649c4a10af_0005.000a_17ece8424e43daec\Uninstaller.exe -c uninstall
Task: {39DDF80F-212C-48DD-8A69-6D74D599AF22} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {3F74D098-B98C-4ED2-81BE-35C73BAC6E29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {4FA8E328-8F5F-452D-BFB7-B065A024653A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-14] (Adobe Systems Incorporated)
Task: {574FAC6D-80B2-44BE-AD83-89BEFB0B6960} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-27] (Google Inc.)
Task: {79AE7CAC-FCE5-4A06-BFFA-8180636780F2} - System32\Tasks\startupcleantemp => C:\batW8\startupcleantemp.bat [2015-02-23] ()
Task: {7A90580F-0FCB-4695-B42D-39E0ADFDA4AC} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {8BDFEED8-8CAB-40F9-BA8B-C79E3C139516} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {BAC3C4DE-A531-4160-907A-9FAF1A1330F1} - System32\Tasks\BASICTASKAZ periodicaly clean temp => C:\batW8\scheduled_clean_temp.bat [2015-03-09] ()
Task: {C713206A-AF3B-4606-80A0-BCB8BBDF4877} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-06] (Google Inc.)
Task: {CEB1EF51-A3F6-42CD-A2F9-9ECAED91D355} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-19] (AVAST Software)
Task: {F075DF7A-1BE6-4217-A7B1-F5095579436E} - System32\Tasks\visit-daily-inventship bat => E:\PA\PortableApps\AutoHotKey\visit-daily-inventship.bat [2014-10-30] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001Core.job => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-523973353-2006286681-1537153563-1001UA.job => C:\Users\GoodEnd\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-03-03 10:21 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-03-03 10:21 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-11-03 04:24 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00713568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00107352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00125792 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 12716368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00786264 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00736584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00474968 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00812360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00099136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00119616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00867688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01107272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00248648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01009496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01171280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01295680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00975704 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01091416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00894280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00849232 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02953040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01251664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:22 - 2014-12-18 15:22 - 00053600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01289048 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00360776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02785112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01228608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00968000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 01177960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00152896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00017768 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2015-03-12 11:57 - 2015-03-12 11:57 - 00012144 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00034152 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2014-11-19 13:23 - 2014-11-19 13:23 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-19 13:23 - 2014-11-19 13:23 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-05-01 16:13 - 2014-05-01 16:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2014-08-29 21:57 - 2012-09-05 11:51 - 00686744 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-12-18 15:21 - 2014-12-18 15:21 - 08947008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
2014-12-18 15:22 - 2014-12-18 15:22 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_locale-vc100-mt-1_57.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 02130752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\HtmlFramework.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\DllStorage.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTrayDefaultSkin.dll
2014-12-18 15:21 - 2014-12-18 15:21 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\Localization.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-12-18 15:21 - 2014-12-18 15:21 - 02757456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareShellExtension.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00286720 _____ () E:\PA\PortableApps\launchy\launchy.exe
2012-03-29 14:56 - 2012-03-29 14:56 - 00089944 _____ () E:\PA\PortableApps\listaryportable\App\Listary\X64\CrashRpt1300.dll
2012-05-08 08:50 - 2012-05-08 08:50 - 00047960 _____ () E:\PA\PortableApps\listaryportable\App\Listary\X64\Listary32helper.exe
2015-03-15 23:15 - 2015-03-15 23:15 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031501\algo.dll
2014-11-19 13:23 - 2014-11-19 13:23 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00077632 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00179560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00046920 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00033136 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00015696 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00123224 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2015-03-12 11:58 - 2015-03-12 11:58 - 00073544 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2015-03-12 11:57 - 2015-03-12 11:57 - 00039256 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2015-03-14 01:25 - 2015-03-14 01:25 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-12-26 17:20 - 2008-05-24 12:31 - 07061504 _____ () E:\PA\PortableApps\launchy\QtGui4.dll
2011-12-26 17:20 - 2008-05-24 12:20 - 00561152 _____ () E:\PA\PortableApps\launchy\QtNetwork4.dll
2011-12-26 17:20 - 2008-05-24 12:19 - 01961984 _____ () E:\PA\PortableApps\launchy\QtCore4.dll
2011-12-26 17:20 - 2008-08-05 19:15 - 00053248 _____ () E:\PA\PortableApps\launchy\platform_win.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00061440 _____ () E:\PA\PortableApps\launchy\plugins\calcy.dll
2011-12-26 17:20 - 2008-08-05 19:15 - 00021504 _____ () E:\PA\PortableApps\launchy\plugins\gcalc.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00069632 _____ () E:\PA\PortableApps\launchy\plugins\runner.dll
2011-12-26 17:20 - 2008-08-05 19:16 - 00098304 _____ () E:\PA\PortableApps\launchy\plugins\weby.dll
2015-03-16 06:52 - 2015-03-16 06:52 - 00011264 _____ () C:\Users\GoodEnd\AppData\Local\Temp\nsx7661.tmp\System.dll
2015-03-16 06:52 - 2015-03-16 06:52 - 00121344 _____ () C:\Users\GoodEnd\AppData\Local\Temp\nsx7661.tmp\xml.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-04 02:14 - 2012-02-29 01:23 - 00051200 _____ () C:\Program Files\Classic Menu for Office\armaccess.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:A5C00DEE
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\GoodEnd\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\StartupFolder: => "TheBrain.lnk"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "DellSystemDetect"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "StartCCC"
HKU\S-1-5-21-523973353-2006286681-1537153563-1001\...\StartupApproved\Run: => "KakaoTalk"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-523973353-2006286681-1537153563-500 - Administrator - Disabled)
GoodEnd (S-1-5-21-523973353-2006286681-1537153563-1001 - Administrator - Enabled) => C:\Users\GoodEnd
Guest (S-1-5-21-523973353-2006286681-1537153563-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-523973353-2006286681-1537153563-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/16/2015 06:18:32 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]
 
Error: (03/15/2015 01:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: keepass.exe, version: 1.28.0.0, time stamp: 0x542bb203
Faulting module name: uxtheme.dll, version: 6.2.9200.17267, time stamp: 0x54e7f4cd
Exception code: 0xc0000409
Fault offset: 0x000537db
Faulting process id: 0x33b0
Faulting application start time: 0xkeepass.exe0
Faulting application path: keepass.exe1
Faulting module path: keepass.exe2
Report Id: keepass.exe3
Faulting package full name: keepass.exe4
Faulting package-relative application ID: keepass.exe5
 
Error: (03/14/2015 04:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: keepass.exe, version: 1.28.0.0, time stamp: 0x542bb203
Faulting module name: combase.dll, version: 6.2.9200.16420, time stamp: 0x505a976e
Exception code: 0xc0000005
Fault offset: 0x0001334f
Faulting process id: 0x1dd4
Faulting application start time: 0xkeepass.exe0
Faulting application path: keepass.exe1
Faulting module path: keepass.exe2
Report Id: keepass.exe3
Faulting package full name: keepass.exe4
Faulting package-relative application ID: keepass.exe5
 
Error: (03/12/2015 00:06:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STDUViewerApp.exe, version: 1.6.313.0, time stamp: 0x5350381d
Faulting module name: STDUDjVuFile.dll, version: 1.5.841.0, time stamp: 0x5350183b
Exception code: 0xc0000005
Fault offset: 0x00017c3a
Faulting process id: 0x3554
Faulting application start time: 0xSTDUViewerApp.exe0
Faulting application path: STDUViewerApp.exe1
Faulting module path: STDUViewerApp.exe2
Report Id: STDUViewerApp.exe3
Faulting package full name: STDUViewerApp.exe4
Faulting package-relative application ID: STDUViewerApp.exe5
 
Error: (03/09/2015 01:58:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: keepass.exe, version: 1.28.0.0, time stamp: 0x542bb203
Faulting module name: keepass.exe, version: 1.28.0.0, time stamp: 0x542bb203
Exception code: 0xc0000005
Fault offset: 0x00044c88
Faulting process id: 0x37bc
Faulting application start time: 0xkeepass.exe0
Faulting application path: keepass.exe1
Faulting module path: keepass.exe2
Report Id: keepass.exe3
Faulting package full name: keepass.exe4
Faulting package-relative application ID: keepass.exe5
 
Error: (03/09/2015 08:01:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: SHELL32.dll, version: 6.2.9200.17150, time stamp: 0x5438a12b
Exception code: 0xc000041d
Fault offset: 0x00000000000b57ce
Faulting process id: 0x1004
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (03/09/2015 08:01:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: SHELL32.dll, version: 6.2.9200.17150, time stamp: 0x5438a12b
Exception code: 0xc0000005
Fault offset: 0x00000000000b57ce
Faulting process id: 0x1004
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (03/09/2015 06:57:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: SHELL32.dll, version: 6.2.9200.17150, time stamp: 0x5438a12b
Exception code: 0xc0000005
Fault offset: 0x00000000000b57ce
Faulting process id: 0x704
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
Error: (03/08/2015 04:09:04 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exeUnavailableUnavailableS-1-5-18UnavailableUnavailable
 
Error: (03/08/2015 02:12:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: SHELL32.dll, version: 6.2.9200.17150, time stamp: 0x5438a12b
Exception code: 0xc000041d
Fault offset: 0x00000000000b57ce
Faulting process id: 0x1a78
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5
 
 
System errors:
=============
Error: (03/16/2015 06:29:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1058
 
Error: (03/16/2015 06:24:33 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (03/16/2015 06:23:48 AM) (Source: DCOM) (EventID: 10005) (User: GoodEnd-delaz)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/16/2015 06:23:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1058
 
Error: (03/16/2015 06:23:37 AM) (Source: DCOM) (EventID: 10005) (User: GoodEnd-delaz)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/16/2015 06:23:30 AM) (Source: DCOM) (EventID: 10005) (User: GoodEnd-delaz)
Description: 1068fdPHostUnavailable{D3DCB472-7261-43CE-924B-0704BD730D5F}
 
Error: (03/16/2015 06:23:29 AM) (Source: DCOM) (EventID: 10005) (User: GoodEnd-delaz)
Description: 1068fdPHostUnavailable{145B4335-FE2A-4927-A040-7C35AD3180EF}
 
Error: (03/16/2015 06:23:29 AM) (Source: DCOM) (EventID: 10005) (User: GoodEnd-delaz)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (03/16/2015 06:23:29 AM) (Source: DCOM) (EventID: 10005) (User: GoodEnd-delaz)
Description: 1068netprofmUnavailable{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
Error: (03/16/2015 06:23:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (03/16/2015 06:18:32 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNetworkStreamService did not shut down when asked, terminating. [18]
 
Error: (03/15/2015 01:55:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: keepass.exe1.28.0.0542bb203uxtheme.dll6.2.9200.1726754e7f4cdc0000409000537db33b001d05f105725d250E:\PA\PortableApps\KeePassPortable\App\keepass\keepass.exeC:\Windows\system32\uxtheme.dll3d389fc2-cb0a-11e4-bf18-5cac4cfbc89b
 
Error: (03/14/2015 04:59:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: keepass.exe1.28.0.0542bb203combase.dll6.2.9200.16420505a976ec00000050001334f1dd401d05e67662c6d67E:\PA\PortableApps\KeePassPortable\App\keepass\keepass.exeC:\Windows\SYSTEM32\combase.dllb121062b-ca5a-11e4-bf15-5cac4cfbc89b
 
Error: (03/12/2015 00:06:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: STDUViewerApp.exe1.6.313.05350381dSTDUDjVuFile.dll1.5.841.05350183bc000000500017c3a355401d05c1e356f84e9E:\PA\PortableApps\stduviewer\STDUViewerApp.exeE:\PA\PortableApps\stduviewer\STDUDjVuFile.dllf0031bb2-c83a-11e4-bf13-5c260a06833a
 
Error: (03/09/2015 01:58:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: keepass.exe1.28.0.0542bb203keepass.exe1.28.0.0542bb203c000000500044c8837bc01d05a37b577c8eaE:\PA\PortableApps\KeePassPortable\App\keepass\keepass.exeE:\PA\PortableApps\KeePassPortable\App\keepass\keepass.exea4944d32-c653-11e4-bf13-5c260a06833a
 
Error: (03/09/2015 08:01:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434SHELL32.dll6.2.9200.171505438a12bc000041d00000000000b57ce100401d05a2d507ab5f3C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dllc7fea7a7-c621-11e4-bf13-5c260a06833a
 
Error: (03/09/2015 08:01:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434SHELL32.dll6.2.9200.171505438a12bc000000500000000000b57ce100401d05a2d507ab5f3C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dllc65a671c-c621-11e4-bf13-5c260a06833a
 
Error: (03/09/2015 06:57:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434SHELL32.dll6.2.9200.171505438a12bc000000500000000000b57ce70401d05a254e69cd0aC:\Windows\explorer.exeC:\Windows\system32\SHELL32.dllccb93a1d-c618-11e4-bf0f-8bafb89eb1ad
 
Error: (03/08/2015 04:09:04 PM) (Source: COM) (EventID: 18221) (User: NT AUTHORITY)
Description: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exeUnavailableUnavailableS-1-5-18UnavailableUnavailable
 
Error: (03/08/2015 02:12:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.2.9200.1662851a94434SHELL32.dll6.2.9200.171505438a12bc000041d00000000000b57ce1a7801d0598d45672b04C:\Windows\explorer.exeC:\Windows\system32\SHELL32.dll68def678-c58c-11e4-bf0c-5c260a06833a
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-25 12:13:41.017
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-25 12:13:40.923
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-25 10:08:46.423
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-25 10:08:46.298
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-24 21:37:03.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-24 21:37:03.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-24 19:03:19.995
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\PA\PortableApps\SysinternalsSuite 20150129\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-02-24 04:59:41.839
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 33%
Total physical RAM: 8053.83 MB
Available physical RAM: 5322.95 MB
Total Pagefile: 12917.83 MB
Available Pagefile: 8820.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (W8) (Fixed) (Total:116 GB) (Free:46.63 GB) NTFS
Drive d: () (Fixed) (Total:146.48 GB) (Free:17.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (DataVolume) (Fixed) (Total:156.72 GB) (Free:11.68 GB) NTFS
Drive g: (2TBWD20EARX) (Fixed) (Total:1863.01 GB) (Free:32.63 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 8AD8D52D)
Partition 1: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=156.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=46.6 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 6613389E)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 


#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,250 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:22 AM

Posted 16 March 2015 - 01:03 PM


ATTENTION: System Restore is disabled.


Turn System Restore on or off - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===


Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

How is the computer running now?

#13 nasdaq


Posted 22 March 2015 - 08:04 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 nasdaq


Posted 22 March 2015 - 08:04 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



