FRST SCAN
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Main (administrator) on MAIN-PC on 30-03-2015 16:21:04
Running from C:\Users\Main\Desktop
Loaded Profiles: Main (Available profiles: Main)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_134_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(NathanScott Apps) C:\Users\Main\AppData\Local\IDTool\IDTool.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1862056 2015-03-29] (Bitdefender)
HKU\S-1-5-21-2524385995-1026570104-4239009959-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [671400 2015-03-29] (Bitdefender)
HKU\S-1-5-21-2524385995-1026570104-4239009959-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5529880 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2524385995-1026570104-4239009959-1000\...\MountPoints2: {d06df629-649b-11df-82df-806e6f6e6963} - D:\setup.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-03-30] (Microsoft Corporation)
IFEO: [Debugger] svchost.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2524385995-1026570104-4239009959-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2524385995-1026570104-4239009959-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-2524385995-1026570104-4239009959-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-03-29] (Bitdefender)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-03-29] (Bitdefender)
Toolbar: HKU\S-1-5-21-2524385995-1026570104-4239009959-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-03-29] (Bitdefender)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
FireFox:
========
FF ProfilePath: C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\3jyx3j96.default
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Main\AppData\Roaming\Mozilla\Firefox\Profiles\3jyx3j96.default\searchplugins\yahoo-avast.xml [2015-03-03]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff [2015-03-29]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-03-29]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [69880 2014-12-09] (Bitdefender)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
R2 uCamMonitor; C:\Program Files\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [54424 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1308464 2015-03-29] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2009-05-26] (ArcSoft, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1083448 2015-03-29] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [243456 2015-03-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [548336 2015-03-29] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2015-03-29] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [93648 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2015-03-29] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
S3 DCamUSBNovatek; C:\Windows\System32\Drivers\nvtcam.sys [2696960 2010-07-14] (Hewlett-Packard)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [172936 2015-03-29] (BitDefender LLC)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-03-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [408280 2014-10-15] (BitDefender S.R.L.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41472 2010-04-16] (Apple, Inc.) [File not signed]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-30 16:21 - 2015-03-30 16:21 - 00011861 _____ () C:\Users\Main\Desktop\FRST.txt
2015-03-30 16:20 - 2015-03-30 16:21 - 00000000 ____D () C:\FRST
2015-03-30 16:19 - 2015-03-30 16:19 - 01135104 _____ (Farbar) C:\Users\Main\Desktop\FRST.exe
2015-03-30 16:17 - 2015-03-30 16:17 - 00000292 _____ () C:\Users\Main\Desktop\idtool.txt
2015-03-30 16:13 - 2015-03-30 16:13 - 00000000 ____D () C:\Users\Main\AppData\Local\IDTool
2015-03-30 15:59 - 2015-03-30 15:59 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-30 15:54 - 2015-03-30 15:54 - 02744965 _____ () C:\Users\Main\Desktop\idtool.zip
2015-03-30 15:54 - 2015-03-30 15:54 - 00000000 ____D () C:\Users\Main\Desktop\idtool
2015-03-30 15:49 - 2015-03-30 15:49 - 00000000 ____D () C:\Windows\system32\SPReview
2015-03-30 15:47 - 2015-03-30 15:47 - 00000000 ___RD () C:\Program Files\Skype
2015-03-30 15:47 - 2015-03-30 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-30 15:47 - 2015-03-30 15:47 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-03-30 00:12 - 2015-03-30 00:12 - 00001002 _____ () C:\Users\Main\Desktop\ListCrilock.txt
2015-03-29 23:31 - 2015-03-29 23:31 - 00021200 _____ () C:\Users\Main\Documents\cc_20150329_233130.reg
2015-03-29 21:52 - 2015-03-29 22:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-03-29 21:52 - 2015-03-29 21:52 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-29 21:26 - 2015-03-29 21:26 - 00001186 _____ () C:\Users\Main\Desktop\Revo Uninstaller.lnk
2015-03-29 21:00 - 2015-03-29 21:00 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-29 20:51 - 2015-03-29 20:51 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-03-29 20:27 - 2015-03-29 20:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-29 19:47 - 2015-03-29 19:59 - 00000000 ____D () C:\Users\Main\AppData\Roaming\IrfanView
2015-03-29 18:22 - 2015-03-29 18:22 - 00000000 ____D () C:\Program Files\ESET
2015-03-29 18:20 - 2015-03-29 18:22 - 00000000 ___HD () C:\Windows\AxInstSV
2015-03-29 18:14 - 2015-03-29 18:14 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-03-29 18:14 - 2015-03-29 18:14 - 00000385 _____ () C:\Users\Main\AppData\Roaminguser_gensett.xml
2015-03-29 17:59 - 2015-03-29 17:59 - 00000000 ____D () C:\Users\Main\Tracing
2015-03-29 17:55 - 2015-03-29 17:55 - 00001211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-03-29 17:54 - 2015-03-29 17:54 - 00002392 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-03-29 17:54 - 2015-03-29 17:54 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-03-29 17:54 - 2015-03-29 17:54 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-03-29 17:52 - 2015-03-29 17:52 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-29 17:51 - 2015-03-29 17:53 - 00000000 ____D () C:\Program Files\Windows Live
2015-03-29 17:50 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-03-29 17:50 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-03-29 17:50 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-03-29 17:50 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-03-29 17:48 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-03-29 17:47 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-03-29 17:45 - 2010-08-11 00:44 - 02983424 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2015-03-29 17:45 - 2010-08-11 00:35 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2015-03-29 17:41 - 2015-03-29 17:57 - 00000000 ____D () C:\Users\Main\AppData\Local\Windows Live
2015-03-29 17:41 - 2015-03-29 17:41 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2015-03-29 17:13 - 2015-03-29 17:13 - 01083448 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-03-29 17:13 - 2015-03-29 17:13 - 00172936 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-03-29 17:13 - 2015-03-29 17:13 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-03-29 17:12 - 2015-03-29 17:12 - 00548336 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-03-29 16:43 - 2015-03-29 16:43 - 00814666 _____ () C:\ProgramData\1427660948.bdinstall.bin
2015-03-29 16:40 - 2015-03-29 17:12 - 00026624 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-03-29 16:40 - 2015-03-29 17:11 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-03-29 16:40 - 2015-03-29 16:40 - 00002086 _____ () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2015-03-29 16:40 - 2015-03-29 16:40 - 00000308 ____H () C:\bdr-cf01
2015-03-29 16:40 - 2015-03-29 16:40 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-29 16:40 - 2015-03-29 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-03-29 16:40 - 2015-03-29 16:40 - 00000000 ____D () C:\ProgramData\BDLogging
2015-03-29 16:40 - 2013-11-13 15:41 - 00077632 _____ (BitDefender LLC) C:\Windows\system32\Drivers\BdfNdisf6.sys
2015-03-29 16:40 - 2012-04-17 14:40 - 00072704 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-03-29 16:40 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-03-29 16:39 - 2015-03-29 17:11 - 00243456 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-03-29 16:34 - 2015-03-29 16:46 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Bitdefender
2015-03-29 16:33 - 2015-03-29 16:40 - 00253404 ____H () C:\bdr-ld01
2015-03-29 16:33 - 2015-03-29 16:40 - 00009216 ____H () C:\bdr-ld01.mbr
2015-03-29 16:33 - 2014-07-04 17:47 - 39361413 ____H () C:\bdr-im01.gz
2015-03-29 16:33 - 2012-08-15 15:28 - 02294848 ____H () C:\bdr-bz01
2015-03-29 16:31 - 2015-03-29 16:41 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-03-29 16:31 - 2015-03-29 16:33 - 00000000 ____D () C:\Program Files\Bitdefender
2015-03-29 16:31 - 2014-10-15 17:14 - 00408280 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-03-29 16:29 - 2015-03-29 16:29 - 00000000 ____D () C:\Users\Main\AppData\Roaming\QuickScan
2015-03-29 16:17 - 2015-03-29 16:31 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-03-29 15:15 - 2015-03-29 15:15 - 00000000 ____D () C:\5f52edc0bc6a236637148b989c7f248f
2015-03-29 15:14 - 2015-03-29 15:15 - 00000000 ____D () C:\f55972f70c2345807b9a88dd99d6
2015-03-25 09:03 - 2015-03-26 16:08 - 00000000 ____D () C:\fa899716118bdf0014f576
2015-03-23 08:14 - 2015-03-23 08:16 - 00000000 ____D () C:\8230a10a5c331915632fe6
2015-03-06 22:04 - 2015-03-30 16:14 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 22:04 - 2015-03-06 22:04 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-06 22:04 - 2015-03-06 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-06 22:04 - 2015-03-06 22:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-06 22:04 - 2014-11-21 07:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-06 22:04 - 2014-11-21 07:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-06 22:04 - 2014-11-21 07:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-05 20:15 - 2015-03-05 20:15 - 00230673 _____ () C:\Users\Main\AppData\Local\census.cache
2015-03-05 20:15 - 2015-03-05 20:15 - 00096670 _____ () C:\Users\Main\AppData\Local\ars.cache
2015-03-05 19:23 - 2015-03-05 19:23 - 00000036 _____ () C:\Users\Main\AppData\Local\housecall.guid.cache
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-30 16:12 - 2010-05-21 01:46 - 01999331 _____ () C:\Windows\WindowsUpdate.log
2015-03-30 16:12 - 2010-05-20 23:10 - 00772430 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-30 16:11 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-30 15:49 - 2014-08-05 19:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-30 15:48 - 2010-07-21 20:29 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-30 15:47 - 2011-11-24 11:57 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-03-30 15:47 - 2011-11-24 11:56 - 00000000 ____D () C:\ProgramData\Skype
2015-03-30 00:05 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-29 23:52 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\twain_32
2015-03-29 21:29 - 2010-05-24 20:40 - 00000000 ____D () C:\Users\Main\AppData\Local\Google
2015-03-29 21:29 - 2010-05-24 20:40 - 00000000 ____D () C:\Program Files\Google
2015-03-29 21:26 - 2010-09-18 00:58 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-29 21:17 - 2010-06-11 18:09 - 00000000 ____D () C:\Windows\Minidump
2015-03-29 19:19 - 2010-05-27 22:24 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Apple Computer
2015-03-29 19:19 - 2010-05-24 20:40 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Adobe
2015-03-29 19:18 - 2011-11-24 11:58 - 00000000 ____D () C:\Users\Main\AppData\Local\ArcSoft
2015-03-29 19:18 - 2010-05-27 22:24 - 00000000 ____D () C:\Users\Main\AppData\Local\Apple Computer
2015-03-29 19:18 - 2010-05-25 19:10 - 00000000 ____D () C:\Users\Main\AppData\Local\Microsoft Games
2015-03-29 19:18 - 2010-05-20 23:05 - 00000000 ____D () C:\Users\Main
2015-03-29 19:17 - 2015-02-04 09:16 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-03-29 18:20 - 2010-09-29 18:40 - 00000000 ____D () C:\Users\Main\AppData\Local\Adobe
2015-03-29 18:19 - 2014-08-05 19:34 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-29 18:19 - 2014-08-05 19:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-29 18:09 - 2010-05-20 23:02 - 00000000 __SHD () C:\Recovery
2015-03-29 18:04 - 2013-01-13 11:46 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-29 18:03 - 2013-01-13 11:46 - 00000929 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-29 17:52 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-29 16:25 - 2013-10-21 18:10 - 00000000 ____D () C:\Users\Main\AppData\Roaming\AVAST Software
2015-03-29 15:50 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-03-26 16:10 - 2009-07-14 03:50 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-26 16:10 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-03-26 16:10 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-26 16:10 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-26 16:10 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-26 16:10 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\DVD Maker
2015-03-26 16:10 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\TAPI
2015-03-26 16:10 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-26 16:10 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-03-26 16:09 - 2009-07-14 03:49 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-03-26 16:09 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\spp
2015-03-26 16:09 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\Speech
2015-03-26 16:09 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\MUI
2015-03-26 16:09 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\security
2015-03-26 16:09 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-26 16:07 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2015-03-26 16:01 - 2014-08-18 23:50 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Mozilla
2015-03-26 16:01 - 2011-11-24 11:57 - 00000000 ____D () C:\Users\Main\AppData\Roaming\Skype
2015-03-26 16:01 - 2010-06-12 19:11 - 00000000 ____D () C:\Users\Main\AppData\Local\Mozilla
2015-03-21 08:06 - 2013-10-19 19:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-20 18:30 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 18:48 - 2010-05-20 23:42 - 119837704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-07 07:13 - 2009-07-14 00:33 - 00266808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-07 07:04 - 2009-07-13 22:05 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
==================== Files in the root of some directories =======
2013-03-07 14:57 - 2013-03-07 14:57 - 4126720 _____ () C:\Program Files\GUT3949.tmp
2010-07-31 18:49 - 2010-07-31 18:49 - 0033134 _____ () C:\Users\Main\AppData\Roaming\UserTile.png
2015-03-05 20:15 - 2015-03-05 20:15 - 0096670 _____ () C:\Users\Main\AppData\Local\ars.cache
2015-03-05 20:15 - 2015-03-05 20:15 - 0230673 _____ () C:\Users\Main\AppData\Local\census.cache
2015-03-04 19:39 - 2015-03-04 19:39 - 0045762 _____ () C:\Users\Main\AppData\Local\HELP_DECRYPT.PNG
2015-03-05 19:23 - 2015-03-05 19:23 - 0000036 _____ () C:\Users\Main\AppData\Local\housecall.guid.cache
2015-03-29 16:43 - 2015-03-29 16:43 - 0814666 _____ () C:\ProgramData\1427660948.bdinstall.bin
2015-03-04 19:39 - 2015-03-04 19:39 - 0045762 _____ () C:\ProgramData\HELP_DECRYPT.PNG
Some content of TEMP:
====================
C:\Users\Main\AppData\Local\Temp\ARS.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-20 18:17
==================== End Of Log ============================