[janji]

Hi

 

I'm using Windows 7, 32- bit Operating System

My computer doesn't want to start normally, it does a start up repair, tells me root causes found: registry is corrupt, repair action: system restore.
After it does the system restore computer runs normally, until the next time I start my computer and it happens again.
There are some apps to download, like "System Mechanic etc but I'm worried that they might cause more problems.
I only got a System Repair Disc that I created myself ages ago and that I don't know if I've done it correctly.
Could you please help me with some advice, thank you.

I've used Malwarebytes Anti- Malware and SUPERAntiSpyware(free edition), uninstalled Java using their own app and downloaded Java from their website because it didn't want to download the usual way (I'm using Secunia PSI) recently.

[Advertisements]

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• When the tool opens click Yes to disclaimer.
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

• Right-click on randomly named icon and select Run as Administrator to start the tool.
• It is very important that you do not use your computer while Gmer is running!
• Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
• If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

• Please check in the Quick scan box.
• Please uncheck the IAT/EAT and Show All.
• Click Scan.
• If you see a rootkit warning window click OK.
• When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.


Cheers,
Naat

[Naathim]

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:

Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symtoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, what may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight!


Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• When the tool opens click Yes to disclaimer.
• Make sure that Addition option is checked.
• Press Scan button and wait.
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please copy and paste their content into your next reply.


Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

• Right-click on randomly named icon and select Run as Administrator to start the tool.
• It is very important that you do not use your computer while Gmer is running!
• Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
• If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

• Please check in the Quick scan box.
• Please uncheck the IAT/EAT and Show All.
• Click Scan.
• If you see a rootkit warning window click OK.
• When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.


Cheers,
Naat

[janji]

Hi Naat, thanks for your reply.
I would still like to use Twitter, youTube,Flickr and codecadamy, where I'm already signed in, is that ok?

Here are the logs you asked for:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:8-08-2014
Ran by User (administrator) on USER-PC on 08-08-2014 19:41:39
Running from C:\Users\User\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimDrivers\SlimDrivers.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Solid Documents, LLC) C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Aeria Games & Entertainment) C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Pando Networks\Media Booster\PMB.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\HSSCP.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Users\User\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Harmony Hollow Software) C:\Program Files\Screen Highlighter\shl.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(J. Eric Vaughan) C:\Program Files\Stay On Top\StayOnTop.exe
(Fabio Martin) C:\Program Files\7 Sticky Notes\7StickyNotes.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [4287536 2013-11-14] ()
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-21] (Spotify Ltd)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Amazon Cloud Player] => C:\Users\User\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [Screen Highlighter] => C:\Program Files\Screen Highlighter\shl.exe [643072 2013-12-20] (Harmony Hollow Software)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-07-12] (Siber Systems)
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Policies\Explorer: [RestrictRun] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stay On Top.lnk
ShortcutTarget: Stay On Top.lnk -> C:\Windows\Installer\{5C6C0192-BA75-4932-8931-B2FF88346E49}\_16dd6dc4.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk
ShortcutTarget: 7 Sticky Notes.lnk -> C:\Program Files\7 Sticky Notes\7StickyNotes.exe (Fabio Martin)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.roboform.com
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: linkscanner - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default
FF Homepage: https://my.yahoo.com/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @siber.com/RoboForm -> C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @TrianglePlayer - C:\Users\User\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Extension: Add to Amazon Wish List Button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Double-click To Reload Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: FireRainbow - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: ProxTube - Unblock YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-07-27]
FF Extension: My-Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2011-12-13]
FF Extension: Remove Cookies for Site - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea} [2014-08-05]
FF Extension: Lightshot (screenshot tool) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B} [2014-06-15]
FF Extension: AddThis - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2012-08-29]
FF Extension: Page Zoom Button - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: AmazonOnClick - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-06]
FF Extension: Autofill Forms - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Duplicate This Tab - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Firebug - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Firepicker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: AOL One Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: LanguageToolFx - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Personas Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Simple White - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Simple Timer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Sticky Notes - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: Tabbed View Source - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected] [2014-08-05]
FF Extension: abcTajpu - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi [2014-08-05]
FF Extension: ProxTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-08-05]
FF Extension: Reload Tab On Double-Click - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{aede9b05-c23c-479b-a90e-9146ed62d377}.xpi [2014-08-05]
FF Extension: Easy Youtube Video Downloader Express - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2014-08-05]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-05]
FF Extension: Hotspot Shield Extension - C:\Program Files\Mozilla Firefox\browser\extensions\[email protected] [2014-07-23]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-25]
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-03-11]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR StartupUrls: "https://www.google.com/?hl=de"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-04]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-04]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-04]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-04]
CHR Extension: (RoboForm) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-03-14]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\User\AppData\Local\newhb2.crx [2013-09-27]
CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\User\AppData\Local\WebToSave.crx [2013-09-27]
CHR HKLM\...\Chrome\Extension: [ekekpckhcfhhaagbmdeimlipagihocje] - C:\Users\User\AppData\Local\CRE\ekekpckhcfhhaagbmdeimlipagihocje.crx [2014-01-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files\SockshareDownloader\SockshareDownloader10.crx [2014-08-01]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-11]
CHR HKCU\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\User\AppData\Local\newhb2.crx [2013-09-27]
CHR HKCU\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\User\AppData\Local\WebToSave.crx [2013-09-27]
CHR HKCU\...\Chrome\Extension: [ekekpckhcfhhaagbmdeimlipagihocje] - C:\Users\User\AppData\Local\CRE\ekekpckhcfhhaagbmdeimlipagihocje.crx [2014-01-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-07] (ArcSoft Inc.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2000-01-01] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
S2 SetupARService; C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-07-26] (Realtek Semiconductor.) [File not signed]
R2 SPDFCreatorReadSpool; C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe [180552 2011-10-03] (Solid Documents, LLC)
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-12-04] () [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3234304 2013-08-25] (Qualcomm Atheros Communications, Inc.)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [39624 2014-05-17] (AnchorFree Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [34432 2012-07-20] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [25088 2012-07-20] (ManyCam LLC)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-11-04] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-08-07] ()
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2014-05-17] (Anchorfree Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [43520 2012-02-15] (Apple, Inc.) [File not signed]
R2 windrvNT; C:\Windows\system32\windrvNT.sys [35363 2010-07-27] () [File not signed]
S2 adfs; No ImagePath
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys [X]
S3 XDva405; \??\C:\Windows\system32\XDva405.sys [X]
S3 XDva409; \??\C:\Windows\system32\XDva409.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 19:41 - 2014-08-08 19:42 - 00030287 _____ () C:\Users\User\Desktop\FRST.txt
2014-08-08 19:41 - 2014-08-08 19:41 - 00000000 ____D () C:\FRST
2014-08-08 19:38 - 2014-08-08 19:38 - 00380416 _____ () C:\Users\User\Desktop\giw4wdoc.exe
2014-08-08 19:37 - 2014-08-08 19:37 - 01084928 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-08-07 23:34 - 2014-08-07 23:34 - 00143312 _____ () C:\Windows\Minidump\080714-21699-01.dmp
2014-08-07 16:07 - 2014-08-07 16:07 - 00029441 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2014-08-05 21:55 - 2014-08-05 21:55 - 00002286 _____ () C:\Users\User\Desktop\[QUOTE=malignus;[bleep]
2014-08-05 20:26 - 2014-08-05 20:26 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-05 20:25 - 2014-08-05 20:25 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-05 20:25 - 2014-08-05 20:25 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-05 20:25 - 2014-08-05 20:25 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-05 20:25 - 2014-08-05 20:25 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-05 20:25 - 2014-08-05 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-05 20:19 - 2014-08-05 20:19 - 29421992 _____ (Oracle Corporation) C:\Users\User\Desktop\jre-7u67-windows-i586.exe
2014-08-05 17:19 - 2014-08-05 17:19 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 17:19 - 2014-08-05 17:19 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-05 17:19 - 2014-08-05 17:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-04 02:43 - 2014-08-04 02:44 - 92772269 _____ () C:\Users\User\Desktop\Sittin' On The Dock Of The Bay _ Playing For Change.mp4
2014-08-01 15:11 - 2014-08-01 15:08 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-01 15:10 - 2014-08-01 15:08 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-01 15:08 - 2014-08-01 15:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-01 15:06 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 15:06 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 15:06 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 15:06 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 15:05 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 15:05 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 15:05 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 15:05 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 15:05 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-29 10:16 - 2014-07-29 10:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotydl
2014-07-29 10:16 - 2014-07-29 10:16 - 00000949 _____ () C:\Users\User\Desktop\Spotydl.lnk
2014-07-29 10:16 - 2014-07-29 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotydl
2014-07-29 10:16 - 2014-07-29 10:16 - 00000000 ____D () C:\Program Files\Spotydl
2014-07-27 16:44 - 2014-07-27 16:44 - 00000000 ___RD () C:\Program Files\Skype
2014-07-27 16:44 - 2014-07-27 16:44 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-07-27 16:44 - 2014-07-27 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-27 16:44 - 2014-07-27 16:44 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-27 16:12 - 2014-07-27 16:12 - 13542851 _____ () C:\Users\User\Desktop\karaoke Sudirman - dari jauh ku pohon maaf.mp4
2014-07-27 15:54 - 2014-07-27 15:54 - 00000000 ____D () C:\ProgramData\APN
2014-07-23 15:11 - 2014-08-05 17:19 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-21 15:26 - 2014-07-21 15:26 - 00001939 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flickr Uploadr.lnk
2014-07-21 15:26 - 2014-07-21 15:26 - 00001927 _____ () C:\Users\User\Desktop\Flickr Uploadr.lnk
2014-07-21 15:26 - 2014-07-21 15:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Flickr
2014-07-21 15:26 - 2014-07-21 15:26 - 00000000 ____D () C:\Users\User\AppData\Local\Flickr
2014-07-21 15:25 - 2014-07-21 15:26 - 00000000 ____D () C:\Program Files\Flickr Uploadr
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\Program Files\Educational Simulations
2014-07-16 09:25 - 2014-07-21 13:41 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 09:25 - 2014-07-16 09:25 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 09:25 - 2014-07-16 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 09:25 - 2014-07-16 09:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-16 09:25 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-16 09:25 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-12 13:42 - 2014-07-12 13:42 - 16656408 _____ (Siber Systems) C:\Users\User\Desktop\RoboForm-Setup-cnetc.exe
2014-07-11 12:48 - 2014-07-11 12:49 - 00000000 ____D () C:\Users\User\Documents\My Kindle Content
2014-07-11 12:48 - 2014-07-11 12:48 - 00002221 _____ () C:\Users\User\Desktop\Kindle.lnk
2014-07-11 12:48 - 2014-07-11 12:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-07-11 12:47 - 2014-07-11 12:48 - 00000000 ____D () C:\Users\User\AppData\Local\Amazon
2014-07-09 13:20 - 2014-07-09 13:20 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-09 13:08 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 13:08 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 13:08 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 13:08 - 2014-06-19 01:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 13:08 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 13:08 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 13:08 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 13:08 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 13:08 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 13:08 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 13:08 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 13:08 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 13:08 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 13:08 - 2014-06-19 01:23 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 13:08 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 13:08 - 2014-06-19 01:16 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 13:08 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 13:08 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 13:08 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 13:08 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 13:08 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 13:08 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 13:08 - 2014-06-19 00:52 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 13:08 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 13:08 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 13:08 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 13:08 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 13:08 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 13:08 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 13:08 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 13:08 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 13:08 - 2014-06-18 02:52 - 02350080 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 13:07 - 2014-06-30 03:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 13:07 - 2014-06-30 03:36 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 13:07 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 13:07 - 2014-06-05 16:26 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 13:07 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 13:07 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 13:07 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 13:07 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 13:07 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 13:07 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 13:07 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 13:07 - 2014-05-30 08:36 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 19:42 - 2014-08-08 19:41 - 00030287 _____ () C:\Users\User\Desktop\FRST.txt
2014-08-08 19:42 - 2013-11-14 02:25 - 00000000 ____D () C:\Users\User\AppData\Local\PMB Files
2014-08-08 19:41 - 2014-08-08 19:41 - 00000000 ____D () C:\FRST
2014-08-08 19:41 - 2009-10-24 20:57 - 01751423 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 19:38 - 2014-08-08 19:38 - 00380416 _____ () C:\Users\User\Desktop\giw4wdoc.exe
2014-08-08 19:37 - 2014-08-08 19:37 - 01084928 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-08-08 19:24 - 2011-02-20 17:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-08 19:20 - 2012-07-15 00:55 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-08 18:35 - 2009-07-14 06:34 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 18:35 - 2009-07-14 06:34 - 00017168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 14:41 - 2013-09-14 12:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\FileAdvisor
2014-08-08 14:40 - 2014-03-23 01:31 - 00000000 ___RD () C:\Users\User\Desktop\Security
2014-08-08 13:25 - 2013-03-15 17:15 - 00000000 ____D () C:\Windows\rescache
2014-08-08 12:19 - 2011-02-20 17:17 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 09:32 - 2014-07-05 14:58 - 00000000 ____D () C:\Users\User\AppData\Local\gtk-2.0
2014-08-08 09:32 - 2013-12-04 01:12 - 00000000 ____D () C:\Users\User\AppData\Local\Akamai
2014-08-08 09:32 - 2013-11-18 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-08 09:32 - 2013-11-14 02:25 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-08 09:32 - 2011-02-09 18:55 - 00000000 ____D () C:\Users\User\AppData\Roaming\PhotoScape
2014-08-08 09:32 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-08-08 09:31 - 2013-05-20 20:46 - 00000000 ___RD () C:\Users\User\Dropbox
2014-08-08 09:31 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-08-08 02:05 - 2013-12-15 20:30 - 05407232 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-08-08 00:34 - 2009-10-24 23:53 - 00384248 _____ () C:\Windows\system32\prfh0804.dat
2014-08-08 00:34 - 2009-10-24 23:53 - 00119918 _____ () C:\Windows\system32\prfc0804.dat
2014-08-08 00:34 - 2009-10-24 21:05 - 02115974 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 23:41 - 2013-07-05 21:19 - 00000000 ____D () C:\Program Files\Opera
2014-08-07 23:36 - 2012-02-01 15:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\7 Sticky Notes
2014-08-07 23:35 - 2013-11-10 16:09 - 00000384 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2014-08-07 23:34 - 2014-08-07 23:34 - 00143312 _____ () C:\Windows\Minidump\080714-21699-01.dmp
2014-08-07 23:34 - 2014-06-10 16:33 - 00006655 _____ () C:\Windows\setupact.log
2014-08-07 23:34 - 2013-11-10 16:09 - 00013464 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-08-07 23:34 - 2012-01-29 20:33 - 00000000 ____D () C:\Windows\Minidump
2014-08-07 23:34 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 23:33 - 2014-04-01 13:36 - 256625834 _____ () C:\Windows\MEMORY.DMP
2014-08-07 16:08 - 2014-07-05 12:13 - 00000000 ____D () C:\Users\User\.gimp-2.8
2014-08-07 16:07 - 2014-08-07 16:07 - 00029441 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2014-08-05 21:55 - 2014-08-05 21:55 - 00002286 _____ () C:\Users\User\Desktop\[QUOTE=malignus;[bleep]
2014-08-05 20:26 - 2014-08-05 20:26 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-05 20:25 - 2014-08-05 20:25 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-05 20:25 - 2014-08-05 20:25 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-05 20:25 - 2014-08-05 20:25 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-05 20:25 - 2014-08-05 20:25 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-05 20:25 - 2014-08-05 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-05 20:25 - 2014-04-19 12:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-05 20:19 - 2014-08-05 20:19 - 29421992 _____ (Oracle Corporation) C:\Users\User\Desktop\jre-7u67-windows-i586.exe
2014-08-05 20:00 - 2013-05-20 20:42 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2014-08-05 19:58 - 2013-09-13 04:13 - 00364094 _____ () C:\Windows\PFRO.log
2014-08-05 19:52 - 2013-09-13 19:48 - 00000000 ____D () C:\Program Files\File Type Advisor
2014-08-05 17:19 - 2014-08-05 17:19 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-05 17:19 - 2014-08-05 17:19 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-05 17:19 - 2014-08-05 17:19 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-05 17:19 - 2014-07-23 15:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-05 16:02 - 2014-04-01 13:40 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-05 15:56 - 2014-03-21 14:14 - 00000000 ___RD () C:\Users\User\Desktop\HTML5
2014-08-05 15:56 - 2013-09-23 19:53 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-05 15:56 - 2012-10-22 23:28 - 00000000 ____D () C:\ProgramData\iWin Games
2014-08-05 15:56 - 2009-10-24 23:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2014-08-05 15:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-04 02:44 - 2014-08-04 02:43 - 92772269 _____ () C:\Users\User\Desktop\Sittin' On The Dock Of The Bay _ Playing For Change.mp4
2014-08-03 20:30 - 2009-10-24 21:42 - 00000000 ____D () C:\ProgramData\Temp
2014-08-03 02:01 - 2013-01-21 13:13 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify
2014-08-01 15:16 - 2014-05-11 17:24 - 00000020 _____ () C:\sccfg(30).sys
2014-08-01 15:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-08-01 15:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-01 15:11 - 2012-11-25 02:36 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-01 15:08 - 2014-08-01 15:11 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-01 15:08 - 2014-08-01 15:10 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-01 15:08 - 2014-08-01 15:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-01 15:08 - 2013-09-18 13:46 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-01 15:08 - 2013-09-18 13:46 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-01 15:08 - 2012-11-25 02:36 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-01 15:08 - 2012-11-25 02:36 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-01 15:08 - 2012-11-25 02:36 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-01 15:08 - 2012-11-25 02:35 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-29 10:39 - 2014-07-29 10:16 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotydl
2014-07-29 10:19 - 2013-01-21 13:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify
2014-07-29 10:16 - 2014-07-29 10:16 - 00000949 _____ () C:\Users\User\Desktop\Spotydl.lnk
2014-07-29 10:16 - 2014-07-29 10:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotydl
2014-07-29 10:16 - 2014-07-29 10:16 - 00000000 ____D () C:\Program Files\Spotydl
2014-07-28 02:59 - 2013-09-05 14:10 - 00000000 ___RD () C:\Users\User\Desktop\friends
2014-07-28 02:59 - 2012-09-03 21:17 - 00000000 ___RD () C:\Users\User\Desktop\family pics
2014-07-28 02:58 - 2012-11-24 14:42 - 00000000 ___RD () C:\Users\User\Desktop\music vids
2014-07-28 02:54 - 2013-12-15 15:24 - 00000000 ___RD () C:\Users\User\Desktop\albums
2014-07-27 16:44 - 2014-07-27 16:44 - 00000000 ___RD () C:\Program Files\Skype
2014-07-27 16:44 - 2014-07-27 16:44 - 00000000 ____D () C:\Users\User\AppData\Local\Skype
2014-07-27 16:44 - 2014-07-27 16:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-27 16:44 - 2014-07-27 16:44 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-27 16:44 - 2009-10-24 23:17 - 00000000 ____D () C:\ProgramData\Skype
2014-07-27 16:12 - 2014-07-27 16:12 - 13542851 _____ () C:\Users\User\Desktop\karaoke Sudirman - dari jauh ku pohon maaf.mp4
2014-07-27 15:54 - 2014-07-27 15:54 - 00000000 ____D () C:\ProgramData\APN
2014-07-27 15:51 - 2011-08-18 21:32 - 00000000 ____D () C:\Program Files\Java
2014-07-27 15:18 - 2009-07-14 06:53 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-27 15:18 - 2009-07-14 06:53 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU(32).TXT
2014-07-26 17:46 - 2013-11-10 16:48 - 00000000 ___HD () C:\Program Files\Temp
2014-07-26 17:42 - 2013-11-10 16:49 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-07-26 17:40 - 2009-10-24 21:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-25 13:47 - 2013-05-20 20:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 13:44 - 2012-07-16 21:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 03:02 - 2012-07-16 21:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-23 10:52 - 2010-10-29 02:05 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-22 00:03 - 2012-09-03 21:19 - 00000000 ___RD () C:\Users\User\Desktop\pics
2014-07-21 15:26 - 2014-07-21 15:26 - 00001939 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flickr Uploadr.lnk
2014-07-21 15:26 - 2014-07-21 15:26 - 00001927 _____ () C:\Users\User\Desktop\Flickr Uploadr.lnk
2014-07-21 15:26 - 2014-07-21 15:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Flickr
2014-07-21 15:26 - 2014-07-21 15:26 - 00000000 ____D () C:\Users\User\AppData\Local\Flickr
2014-07-21 15:26 - 2014-07-21 15:25 - 00000000 ____D () C:\Program Files\Flickr Uploadr
2014-07-21 13:41 - 2014-07-16 09:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 16:21 - 2014-07-19 16:21 - 00000000 ____D () C:\Program Files\Educational Simulations
2014-07-17 13:35 - 2013-07-01 15:04 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 19:52 - 2013-09-13 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2014-07-16 09:25 - 2014-07-16 09:25 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-16 09:25 - 2014-07-16 09:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-16 09:25 - 2014-07-16 09:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-16 09:25 - 2011-05-04 12:15 - 00000000 ____D () C:\Users\User\AppData\Roaming\Malwarebytes
2014-07-16 09:25 - 2011-05-04 12:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 09:25 - 2011-05-04 12:15 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-12 13:44 - 2014-03-11 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-07-12 13:42 - 2014-07-12 13:42 - 16656408 _____ (Siber Systems) C:\Users\User\Desktop\RoboForm-Setup-cnetc.exe
2014-07-11 12:49 - 2014-07-11 12:48 - 00000000 ____D () C:\Users\User\Documents\My Kindle Content
2014-07-11 12:48 - 2014-07-11 12:48 - 00002221 _____ () C:\Users\User\Desktop\Kindle.lnk
2014-07-11 12:48 - 2014-07-11 12:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-07-11 12:48 - 2014-07-11 12:47 - 00000000 ____D () C:\Users\User\AppData\Local\Amazon
2014-07-09 16:51 - 2009-07-14 06:33 - 02522512 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 16:49 - 2014-05-06 22:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 16:49 - 2009-07-14 09:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 16:45 - 2009-10-24 21:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 16:41 - 2013-08-22 15:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 16:37 - 2011-11-21 18:38 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 13:20 - 2014-07-09 13:20 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-07-09 13:20 - 2012-07-15 00:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 13:20 - 2012-07-15 00:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Files to move or delete:
====================
C:\Users\User\jagex_cl_runescape_LIVE.dat
C:\Users\User\random.dat


Some content of TEMP:
====================
C:\Users\User\AppData\Local\temp\APNSetup.exe
C:\Users\User\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8fi5_h.dll
C:\Users\User\AppData\Local\temp\HitmanPro.exe
C:\Users\User\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\User\AppData\Local\temp\npp.6.6.3.Installer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 13:07

==================== End Of Log ============================







Additional scan result of Farbar Recovery Scan Tool (x86) Version:8-08-2014
Ran by User at 2014-08-08 19:43:07
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Sticky Notes (HKLM\...\{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1) (Version:  - Fabio Martin)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\{0099B484-C24C-4D5F-8167-B0F6DF196E72}) (Version: 12.0.3.133 - Adobe Systems, Inc)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advanced Uninstaller PRO - Version 11 (HKLM\...\AU11_is1) (Version: 11 - Innovative Solutions)
Aeria Ignite (HKLM\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AGEIA PhysX v2.6.0 (HKLM\...\{582876EC-A178-44D4-9823-C10D6C62EAFF}) (Version: 2.6.0.4 - AGEIA Technologies, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{121A3F18-E386-B7EF-CEEB-32864884E594}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM\...\{7B937101-FD85-4CA9-9176-ADA6492314AF}) (Version: 3.0.0.117 - ArcSoft)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
AVG 2013 (Version: 13.0.2677 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2740 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2741 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.2742 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center InstallProxy (Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5C78021E-3C8E-4EDF-97EA-E9B8D808FD6D}) (Version:  - Microsoft)
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Eden Eternal (HKLM\...\Eden Eternal) (Version:  - )
Elsword version v3.1120.7.1 (HKLM\...\{E655DDFC-24DB-4FC3-8474-271E911309B4}_is1) (Version: v3.1120.7.1 - Kill3rCombo)
Facebook Messenger 2.1.4814.0 (HKLM\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
File Type Advisor 1.3 (HKLM\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Flickr Uploadr 3.1.2 (HKLM\...\Flickr Uploadr) (Version:  - )
Free M4a to MP3 Converter 8.2 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter Studio 8.2 (HKLM\...\Free YouTube to MP3 Converter Studio_is1) (Version:  - ManiacTools.com)
FreeApps (HKLM\...\FreeApp v1) (Version: 1.3.1 - VTools)
GameXN GO (HKCU\...\Game Organizer) (Version:  - GameXN AS)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 3.72 - Happy Cloud, Inc.)
Heroes Of Hellas (Version: 3.4.16.3 - Alawar) Hidden
Hotspot Shield 3.42 (HKLM\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.3.0.0 - QFX Software Corporation)
K-Lite Mega Codec Pack 5.7.0 (HKLM\...\KLiteCodecPack_is1) (Version: 5.7.0 - )
Luxor 2 (Version: 3.4.14.106 - MumboJumbo) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
ManyCam 3.0.91 (remove only) (HKLM\...\ManyCam) (Version: 3.0.91 - ManyCam LLC)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
MostFun.com Games - Heroes Of Hellas (remove only) (HKLM\...\MostFun.com Games - Heroes Of Hellas) (Version: 3.4.16.3 - )
MostFun.com Games - Luxor 2 (remove only) (HKLM\...\MostFun.com Games - Luxor 2) (Version: 3.4.14.106 - )
MostFun.com Games - Super Granny 4 (remove only) (HKLM\...\MostFun.com Games - Super Granny 4) (Version: 3.4.16.27 - )
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MyPaint 1.0.0 (HKCU\...\MyPaint) (Version: 1.0.0 - Martin Renold & MyPaint Development Team)
Nero 8 Essentials (HKLM\...\{523DF39E-DF7D-488F-8022-783946571033}) (Version: 8.10.135 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Opera Stable 23.0.1522.60 (HKLM\...\Opera 23.0.1522.60) (Version: 23.0.1522.60 - Opera Software ASA)
Opera Stable 23.0.1522.72 (HKLM\...\Opera 23.0.1522.72) (Version: 23.0.1522.72 - Opera Software ASA)
Pale Moon 24.6.1 (x86 en-US) (HKLM\...\Pale Moon 24.6.1 (x86 en-US)) (Version: 24.6.1 - Moonchild Productions)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Qualcomm Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickTime Alternative 2.9.2 (HKLM\...\QuicktimeAlt_is1) (Version: 2.9.2 - )
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
RoboForm 7-9-8-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-8-5 - Siber Systems)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
Screen Highlighter 1.0 (HKLM\...\Screen Highlighter_is1) (Version:  - Harmony Hollow Software)
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Secunia PSI (3.0.0.9015) (HKLM\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SlimDrivers (HKLM\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.8 - IObit)
SolidPDFCreator (HKLM\...\{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}) (Version: 7.1.879.0 - SolidDocuments)
SPEEDLINK Strike 2 Gamepad (HKLM\...\{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}) (Version: 2007.08.17 - )
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Spotydl 0.9.36.0 (HKLM\...\Spotydl_is1) (Version: 0.9.36.0 - spotydl.com)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Stay On Top (HKLM\...\{5C6C0192-BA75-4932-8931-B2FF88346E49}) (Version: 1.0.0 - J. Eric Vaughan)
StickMen War 2.5 (HKLM\...\StickMen War 2.5) (Version:  - )
Sublime Text Build 3059 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Super Granny 4 (Version: 3.4.16.27 - Sandlot) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1012 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Uninstall TrianglePlayer (HKLM\...\TrianglePlayer_is1) (Version: 2012 - Fuzhou Zhuo Yue Wu Xian Software Development Company Limited)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{C0BDC1DE-C35E-422B-8CBD-C1D555468720}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VS10RuntimeWin32 (Version: 1.0.0 - immunet) Hidden
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
ZTE Handset USB Driver 5.2066.1.8B02 (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.8B02 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (GameXN AS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (GameXN AS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{b226c901-b163-53c9-a14c-5b55ebb03907}\InprocServer32 -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (GameXN AS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (GameXN AS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\ProgramData\GameXN\ezGameXN.dll (GameXN AS)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4165335087-975643669-458432890-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2014-01-31 14:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {001A919F-5486-4F80-B76F-B12381E6F0BF} - System32\Tasks\Opera scheduled Autoupdate 1392134183 => C:\Program Files\Opera\launcher.exe [2014-08-05] (Opera Software)
Task: {02345B74-772A-44F8-A563-F33F7F68A837} - System32\Tasks\{FBC71A6A-8D24-4264-8D8B-660359524319} => C:\AeriaGames\EdenEternal\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment)
Task: {041FCAE9-E352-431F-AD25-C26D4623EB5F} - System32\Tasks\{1F529A44-4E7F-4EEB-9387-B009EA33FE4D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {0DCD5759-D02C-4EB7-BC32-41D7D06D35EA} - System32\Tasks\{C0CCC3A8-5FC2-4086-A869-3E21F7C524E9} => C:\AeriaGames\EdenEternal\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment)
Task: {1CB5B6C4-90E4-45C9-9496-17458C2181AD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {1FFB5CAB-D0C8-4971-A6C6-52243A608C52} - System32\Tasks\{B0A60467-7396-4B3F-9092-61133D6E365D} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {29A3B4DA-2552-4B1B-AC98-0DAA160CD171} - System32\Tasks\{E06706D7-83A8-4D3F-A875-DC73898C373C} => C:\AeriaGames\EdenEternal\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment)
Task: {342242AF-68DC-48E8-BAD2-FCF35B2790C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-20] (Google Inc.)
Task: {377645D7-BADA-4E0E-AD5B-C7D00FEE7171} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {3A6520B3-0426-44D3-B409-796B928DAB32} - System32\Tasks\{EF9E28E4-BEED-4229-8760-020756DA18C3} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
Task: {3FF042CC-586D-4653-8E50-3485D59F6B9F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4025D84B-DA4C-44AE-923E-7CC6A0CD655E} - System32\Tasks\{93F49872-654E-438E-9457-172EA0309781} => C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
Task: {45EF2C7E-71D1-4ED0-A13A-1BF2A768DBCB} - System32\Tasks\{DC4EA453-4ECE-4831-96CD-7EE3A2282ADC} => C:\AeriaGames\EdenEternal\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment)
Task: {481EC8F6-E220-4A39-8D0E-9C07C6F2AA32} - System32\Tasks\LaunchApp => C:\Program Files\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {528AC02D-D334-4AB8-BD2B-78F8F839DA58} - System32\Tasks\FileAdvisorUpdate => C:\Program Files\File Type Advisor\fileadvisor.exe [2013-08-19] (File Type Advisor)
Task: {6435EE6F-CDC5-4CD0-A969-A9BB3C9BE48F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {67349CB0-9F9D-4F4D-AC84-0B4FBDCE1198} - System32\Tasks\{7B007186-814F-435A-A7CD-69CD63A1639D} => C:\AeriaGames\EdenEternal\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment)
Task: {6B075062-6B5A-4E41-A30C-F0042246B8F0} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {6B0E942B-0495-4EF7-AEDD-9569A16DA9FB} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files\Razer\Razer Game Booster\AutoUpdate.exe
Task: {74458643-781C-4690-A8D0-792BAAAB7F6F} - System32\Tasks\FileAdvisorCheck => C:\Program Files\File Type Advisor\file-type-advisor.exe [2013-08-19] (filetypeadvisor.com                                         )
Task: {7EB660CE-8E8C-4552-9102-38BF0F931FB6} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {86908A13-EF76-44A2-9128-6CB4E28B1C03} - System32\Tasks\{D8D22849-AEE6-403E-8BF2-E57B7BAECE7E} => C:\Program Files\MostFun\SuperGranny3\SuperGranny3.exe
Task: {8B1D7F29-DEAE-4408-B06A-D4E32ED49061} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {8ED4C510-AC55-4E81-BAFE-7E14E3057FC3} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {9426C8C4-F48B-4F4B-BDC8-FA4AFC22FD1D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-07-12] (Siber Systems)
Task: {9532703A-89D8-44B9-A93F-57991BCF286E} - System32\Tasks\SlimDrivers Startup => C:\Program Files\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {A846F772-2615-4772-9EFC-EEAAFF0E705B} - System32\Tasks\{7609A13F-987A-42CF-ACD7-2B486192D64D} => Chrome.exe http://ui.skype.com/...eligiblebrowser
Task: {BB56D7FE-84FE-4430-9291-DE31702A45EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {C2F37DB4-70B3-4512-A59C-D87535D45802} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {D2DC7330-6327-44D8-BC2F-7EB0D2699C25} - System32\Tasks\AWC Startup => C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
Task: {D642B505-8B33-4423-808B-6FC0A013B9DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {D8BF779F-02BC-43F1-AFBC-B2FEF2E06E36} - System32\Tasks\Real Player online update program => C:\Program Files\Real\RealPlayer\update\realsched.exe
Task: {D9A2CB5D-65DA-4E56-92CC-7EA4A64D5E81} - System32\Tasks\{0547064D-DEF4-4974-9118-363654A9FDA8} => C:\AeriaGames\EdenEternal\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment)
Task: {DCE555C0-C6A0-45C3-BAE9-7B8FAA34A6E5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4165335087-975643669-458432890-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {DE22063C-A5B8-4A63-9AAC-7A4947C1E411} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe
Task: {E3E4BF41-77EE-46A8-9C03-E3B3AEF480F3} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: {EA576C5D-754E-45F2-BFAF-EFC358395475} - System32\Tasks\{97A61C17-B5EE-4468-AEF4-97888E1CCB8F} => C:\AeriaGames\EdenEternal\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment)
Task: {EDC6164A-1E23-4EDB-A508-1AD325B14F84} - System32\Tasks\{4448998A-9201-4534-B754-A54F4161D074} => C:\AeriaGames\EdenEternal\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment)
Task: {F691F962-614B-4E3E-9D4E-A9309806F902} - System32\Tasks\{0CFBB036-AB2E-4437-820E-C84B27A05FC1} => C:\AeriaGames\EdenEternal\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment)
Task: {FAC084F0-4C38-409D-80A1-37C4956E9370} - System32\Tasks\{BFD45D47-291B-4732-B969-BBA93DA76939} => C:\AeriaGames\EdenEternal\aeria_launcher.exe [2012-02-17] (Aeria Games & Entertainment)
Task: {FB21C170-BB29-4EF4-A5EB-0EE01CD13C6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) =============

2014-08-01 15:08 - 2014-08-01 15:08 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-05 17:15 - 2014-08-05 17:15 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080500\algo.dll
2014-08-08 12:13 - 2014-08-08 12:13 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14080800\algo.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-12 11:49 - 2014-05-12 11:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2009-10-24 21:17 - 2007-09-21 03:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2011-11-21 20:59 - 2011-10-03 20:59 - 00027976 _____ () C:\Windows\System32\solidlocalmon.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-17 02:11 - 2014-05-17 02:11 - 00908584 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2014-05-17 02:37 - 2014-05-17 02:37 - 00506664 _____ () C:\Program Files\Hotspot Shield\bin\HssRep.dll
2014-05-17 00:34 - 2014-05-17 00:34 - 00430344 _____ () C:\Program Files\Hotspot Shield\bin\hsswd.exe
2014-08-01 15:08 - 2014-08-01 15:08 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-11-14 02:25 - 2013-11-14 02:25 - 04287536 _____ () C:\Program Files\Pando Networks\Media Booster\PMB.exe
2014-01-13 01:26 - 2014-03-07 22:39 - 03168576 _____ () C:\Users\User\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2012-02-01 15:03 - 2011-08-16 00:13 - 00802816 _____ () C:\Windows\system32\EditCtlsU.ocx
2014-08-07 23:36 - 2014-08-07 23:36 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8fi5_h.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\User\Downloads\poppy pic.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk => C:\Windows\pss\OfficeSAS.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => c:\program files\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: BCSSync => "c:\program files\microsoft office\office14\bcssync.exe" /delayservices
MSCONFIG\startupreg: DivXMediaServer => c:\program files\divx\divx media server\divxmediaserver.exe
MSCONFIG\startupreg: DivXUpdate => "c:\program files\divx\divx update\divxupdate.exe" /checknow
MSCONFIG\startupreg: FreeRAM XP => "c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe" -win
MSCONFIG\startupreg: GameXN GO => "c:\programdata\gamexn\gamexngo.exe" /startup
MSCONFIG\startupreg: iTunesHelper => c:\program files\itunes\ituneshelper.exe
MSCONFIG\startupreg: KiesPreload => c:\program files\samsung\kies\kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => c:\program files\samsung\kies\kiestrayagent.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime alternative\qttask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: Spotify => "c:\users\user\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => c:\users\user\appdata\roaming\spotify\data\spotifywebhelper.exe

==================== Faulty Device Manager Devices =============

Name: adfs
Description: adfs
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: adfs
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2014 01:20:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2014 01:20:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2014 01:19:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2014 01:19:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2014 01:19:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2014 01:18:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2014 00:45:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2014 00:45:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2014 00:45:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/08/2014 00:45:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/08/2014 01:34:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/08/2014 01:34:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/08/2014 01:34:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/08/2014 01:34:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/08/2014 01:34:52 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/08/2014 01:32:49 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/08/2014 01:32:49 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/08/2014 01:32:49 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/08/2014 01:32:49 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (08/08/2014 01:32:49 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================
Error: (08/08/2014 01:20:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Users\User\AppData\Local\temp\7zSE2D4.tmp\WDM\vncutil64.exe

Error: (08/08/2014 01:20:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Users\User\AppData\Local\temp\7zSE2D4.tmp\Vista64\vncutil64.exe

Error: (08/08/2014 01:19:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Users\User\AppData\Local\temp\7zSE2D4.tmp\Vista64\RAVCpl64.exe

Error: (08/08/2014 01:19:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Users\User\AppData\Local\temp\7zSE2D4.tmp\Vista64\RAVBg64.exe

Error: (08/08/2014 01:19:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Users\User\AppData\Local\temp\7zSE2D4.tmp\Vista64\MaxxAudioControl64.exe

Error: (08/08/2014 01:18:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\keyscrambler\x64\KeyScrambler.exe

Error: (08/08/2014 00:45:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Users\User\AppData\Local\temp\7zSE2D4.tmp\WDM\vncutil64.exe

Error: (08/08/2014 00:45:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Users\User\AppData\Local\temp\7zSE2D4.tmp\Vista64\vncutil64.exe

Error: (08/08/2014 00:45:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Users\User\AppData\Local\temp\7zSE2D4.tmp\Vista64\RAVCpl64.exe

Error: (08/08/2014 00:45:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Users\User\AppData\Local\temp\7zSE2D4.tmp\Vista64\RAVBg64.exe


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 3578.9 MB
Available physical RAM: 2017.01 MB
Total Pagefile: 7156.09 MB
Available Pagefile: 5597.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:224.73 GB) (Free:125.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive g: () (Fixed) (Total:73.36 GB) (Free:55.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 4C3F8CFC)
Partition 1: (Active) - (Size=225 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

[Naathim]

Hi Janji. How can I call you?

Have you made any attempt to run Gmer? Its logfile may be a very useful one.

About Twitter and the others, as far as I can tell from a very quick look, I think that you may use it safely. If I'll notice anything after a more careful inspection and analysis, I will keep you updated, so stay tuned

Let me know about Gmer!

Cheers,
Minion

[janji]

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-08 20:16:09
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0006HPM1 298.09GB
Running: giw4wdoc.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwAddBootEntry [0x93435BA6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwAssignProcessToJobObject [0x93436684]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwCreateEvent [0x934426F8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwCreateEventPair [0x93442744]
SSDT            \??\C:\Windows\system32\windrvNT.sys                                                                    ZwCreateFile [0xA54F436A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwCreateIoCompletion [0x934428DE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwCreateMutant [0x93442666]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                  ZwCreateSection [0x934ECDF0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwCreateSemaphore [0x934426AE]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                  ZwCreateThread [0x934ED080]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                  ZwCreateThreadEx [0x934ED16A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwCreateTimer [0x93442898]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwDebugActiveProcess [0x93437472]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwDeleteBootEntry [0x93435C0C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwDuplicateObject [0x9343AC68]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwLoadDriver [0x934357F8]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                  ZwMapViewOfSection [0x934ECED0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwModifyBootEntry [0x93435C72]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwNotifyChangeKey [0x9343B05E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwNotifyChangeMultipleKeys [0x93437F5A]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwOpenEvent [0x93442722]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwOpenEventPair [0x93442766]
SSDT            \??\C:\Windows\system32\windrvNT.sys                                                                    ZwOpenFile [0xA54F4CD8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwOpenIoCompletion [0x93442902]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwOpenMutant [0x9344268C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwOpenProcess [0x9343A560]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwOpenSection [0x93442816]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwOpenSemaphore [0x934426D6]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwOpenThread [0x9343A94C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwOpenTimer [0x934428BC]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                  ZwProtectVirtualMemory [0x934ECC6E]
SSDT            \??\C:\Windows\system32\windrvNT.sys                                                                    ZwQueryDirectoryFile [0xA54F4842]
SSDT            \??\C:\Windows\system32\windrvNT.sys                                                                    ZwQueryInformationProcess [0xA54F11E0]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwQueryObject [0x93437DCE]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwQueueApcThreadEx [0x93437ADC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwSetBootEntryOrder [0x93435CD8]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwSetBootOptions [0x93435D3E]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                  ZwSetContextThread [0x934ECFCC]
SSDT            \??\C:\Windows\system32\windrvNT.sys                                                                    ZwSetInformationFile [0xA54F5142]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwSetSystemInformation [0x93435892]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwSetSystemPowerState [0x93435A64]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwShutdownSystem [0x934359F2]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwSuspendProcess [0x9343763C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwSuspendThread [0x9343779E]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwSystemDebugControl [0x93435AEC]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                  ZwTerminateProcess [0x934ECD3C]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwTerminateThread [0x934372CC]
SSDT            \SystemRoot\system32\drivers\aswSnx.sys                                                                 ZwVdmControl [0x93435DA4]
SSDT            \SystemRoot\system32\drivers\aswSP.sys                                                                  ZwWriteVirtualMemory [0x934ECBA0]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                8423DA15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                  84277212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                     8427E460 4 Bytes  [A6, 5B, 43, 93] {CMPSB ; POP EBX; INC EBX; XCHG EBX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                     8427E4E8 4 Bytes  [84, 66, 43, 93] {TEST [ESI+0x43], AH; XCHG EBX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                     8427E53C 2 Bytes  [F8, 26]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11AA                                                                     8427E53F 13 Bytes  [93, 44, 27, 44, 93, 6A, 43, ...] {XCHG EBX, EAX; INC ESP; DAA ; INC ESP; XCHG EBX, EAX; PUSH 0x43; DEC EDI; MOVSD ; FISUBR WORD [EAX]; INC ESP; XCHG EBX, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11CF                                                                     8427E564 4 Bytes  [66, 26, 44, 93] {INC SP; XCHG EBX, EAX}
.text           ...                                                                                                     
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                             844394EF 4 Bytes  CALL 93438641 \SystemRoot\system32\drivers\aswSnx.sys
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                            84453357 4 Bytes  CALL 93438657 \SystemRoot\system32\drivers\aswSnx.sys
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                section is writeable [0x9583B000, 0x341B68, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[200] kernel32.dll!GetBinaryTypeW + 70                     767B6AAC 1 Byte  [62]
.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[312] kernel32.dll!GetBinaryTypeW + 70        767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[420] kernel32.dll!GetBinaryTypeW + 70                                     767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[492] kernel32.dll!GetBinaryTypeW + 70                                   767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[500] kernel32.dll!GetBinaryTypeW + 70                                     767B6AAC 1 Byte  [62]
.text           ...                                                                                                     
.text           C:\Program Files\Pando Networks\Media Booster\PMB.exe[984] kernel32.dll!SetUnhandledExceptionFilter     7679F5AB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           C:\Program Files\Pando Networks\Media Booster\PMB.exe[984] kernel32.dll!GetBinaryTypeW + 70             767B6AAC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[988] kernel32.dll!GetBinaryTypeW + 70                                   767B6AAC 1 Byte  [62]
.text           C:\Windows\System32\svchost.exe[1032] kernel32.dll!GetBinaryTypeW + 70                                  767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 70                                  767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70                                  767B6AAC 1 Byte  [62]
.text           ...                                                                                                     
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] kernel32.dll!SetUnhandledExceptionFilter       7679F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1488] kernel32.dll!GetBinaryTypeW + 70               767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\taskeng.exe[1500] kernel32.dll!GetBinaryTypeW + 70                                  767B6AAC 1 Byte  [62]
.text           C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe[1512] kernel32.dll!GetBinaryTypeW + 70  767B6AAC 1 Byte  [62]
.text           C:\Program Files\Hotspot Shield\bin\hsscp.exe[1516] kernel32.dll!GetBinaryTypeW + 70                    767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\Dwm.exe[1596] kernel32.dll!GetBinaryTypeW + 70                                      767B6AAC 1 Byte  [62]
.text           ...                                                                                                     
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[3228] kernel32.dll!SetUnhandledExceptionFilter        7679F5AB 8 Bytes  [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[3228] kernel32.dll!GetBinaryTypeW + 70                767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[3352] kernel32.dll!GetBinaryTypeW + 70                            767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[3472] kernel32.dll!GetBinaryTypeW + 70                                  767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\taskeng.exe[3524] kernel32.dll!GetBinaryTypeW + 70                                  767B6AAC 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[3616] kernel32.dll!GetBinaryTypeW + 70                                  767B6AAC 1 Byte  [62]
.text           ...                                                                                                     

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                 Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                 Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                                fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\00247eb4d9f4 (not active ControlSet)         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247eb4d9f4                             
Reg             HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\00247eb4d9f4 (not active ControlSet)         

---- EOF - GMER 2.1 ----
 

[janji]

Hi Janji. How can I call you?

Have you made any attempt to run Gmer? Its logfile may be a very useful one.

About Twitter and the others, as far as I can tell from a very quick look, I think that you may use it safely. If I'll notice anything after a more careful inspection and analysis, I will keep you updated, so stay tuned

Let me know about Gmer!

Cheers,
Minion

 

 

Janji is fine, it means "promise" in Malay where I stayed for a long time (Malaysia).

The above post is the Gmer log, thanks again for your help, much appreciated

Edited by janji, 08 August 2014 - 12:26 PM.

[Naathim]

Hi Janji
 
There are a few questions I need you to answer.

 
- Do you have any idea about the proxy server set on this machine?
 
- Is this installed on a purpose?

SockshareDownloader

- What kind of a machine is this one? I mean, your personal, your company one, is it administrated by some other person? There are some entries here that normally won't be present on a home machine.


Please answer that


Cheers!
Naat

[janji]

Hi Janji
 
There are a few questions I need you to answer.

 
- Do you have any idea about the proxy server set on this machine?
 
- Is this installed on a purpose?

SockshareDownloader

- What kind of a machine is this one? I mean, your personal, your company one, is it administrated by some other person? There are some entries here that normally won't be present on a home machine.


Please answer that


Cheers

 

Hi Naat
 

I didn't mention that my internet connection isn't working at the moment, so I've connected to my neighbour.
So router is working fine. When I called my internet provider in the last couple of days they said that there is a disruption on their side and that they are trying to fix it, then today when I phoned again they couldn't find any fault but connection still doesn't work.
If they send a technician to fix it and the problem is with my computer I'll have to pay for the bill, which I can't afford.

 

 

Do you have any idea about the proxy server set on this machine?

 

 

I have one programme which is called "Hotspot shield" which I run occasionally, is that what you mean?(it's switched off at the moment.)

 

 

 

- Is this installed on a purpose?

SockshareDownloader

 

 

Yes I needed it to watch an online movie but it didn't seem to work.

 

- What kind of a machine is this one? I mean, your personal, your company one, is it administrated by some other person? There are some entries here that normally won't be present on a home machine. 

It's my personal computer but it's second hand, so it's possible there are still some old programmes on there.
I also had problems with an old boyfriend before who in all probability had hacked my computer( IT guy).

Hope that helps, thanks

[Naathim]

Hi Janji and sorry for a little delay, had a quite busy Sunday here.
Also please note that I will be travelling from Thursday till Sunday, but one of my colleagues promised me to take care of you in case we won;t succeed our work here till then, so do not be concerned

Pando Media Booster warning!

Pando Media Booster, which is installed (intentially or not) with some gaming tools, has been known to download/send some uncontrollable data. You can never be sure what it really downloads/uploads.

My advice is to uninstall this program. To do so:

• Press the + R on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for Pando Media Booster, right-click the entry and click Uninstall.

This is optional, but please consider it.


Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the + R on your keyboard at the same time. Type Notepad and click OK.

• Copy the entire content of the codebox below and paste into the Notepad document:
  

  start
  HKLM\...\Policies\Explorer: [RestrictRun] 0
  HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Policies\Explorer: [RestrictRun] 0
  ProxyEnable: Internet Explorer proxy is enabled.
  ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
  CHR HKLM\...\Chrome\Extension: [ekekpckhcfhhaagbmdeimlipagihocje] - C:\Users\User\AppData\Local\CRE\ekekpckhcfhhaagbmdeimlipagihocje.crx [2014-01-30]
  CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\User\AppData\Local\newhb2.crx [2013-09-27]
  CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\User\AppData\Local\WebToSave.crx [2013-09-27]
  CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  Task: {481EC8F6-E220-4A39-8D0E-9C07C6F2AA32} - System32\Tasks\LaunchApp => C:\Program Files\MyPC Backup\MyPC Backup.exe <==== ATTENTION
  C:\Program Files\MyPC Backup
  AlternateDataStreams: C:\ProgramData\Temp:5C321E34
  EmptyTemp:
  end

• Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.



Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

• First of all, select update.
• Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
• Click the Scan tab, choose Threat Scan is checked and click Scan Now.
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click the newest Scan Log.
• At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.

[janji]

I've uninstalled Pando Media Booster and ran the fix, after this will do Malwarebytes anti- Malware scan.

here is the Fixlog.txt.:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:8-08-2014
Ran by User at 2014-08-11 13:52:20 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKLM\...\Policies\Explorer: [RestrictRun] 0
HKU\S-1-5-21-4165335087-975643669-458432890-1000\...\Policies\Explorer: [RestrictRun] 0
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8555;https=127.0.0.1:8555
CHR HKLM\...\Chrome\Extension: [ekekpckhcfhhaagbmdeimlipagihocje] - C:\Users\User\AppData\Local\CRE\ekekpckhcfhhaagbmdeimlipagihocje.crx [2014-01-30]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - C:\Users\User\AppData\Local\newhb2.crx [2013-09-27]
CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\User\AppData\Local\WebToSave.crx [2013-09-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {481EC8F6-E220-4A39-8D0E-9C07C6F2AA32} - System32\Tasks\LaunchApp => C:\Program Files\MyPC Backup\MyPC Backup.exe <==== ATTENTION
C:\Program Files\MyPC Backup
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
EmptyTemp:
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => value deleted successfully.
HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\RestrictRun => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ekekpckhcfhhaagbmdeimlipagihocje" => Key deleted successfully.
C:\Users\User\AppData\Local\CRE\ekekpckhcfhhaagbmdeimlipagihocje.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd" => Key deleted successfully.
C:\Users\User\AppData\Local\newhb2.crx => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd" => Key deleted successfully.
C:\Users\User\AppData\Local\WebToSave.crx => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{481EC8F6-E220-4A39-8D0E-9C07C6F2AA32}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{481EC8F6-E220-4A39-8D0E-9C07C6F2AA32}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchApp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => Key deleted successfully.
"C:\Program Files\MyPC Backup" => File/Directory not found.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
EmptyTemp: => Error: No automatic fix found for this entry.

==== End of Fixlog ====

Edited by janji, 11 August 2014 - 05:56 AM.

[Naathim]

May I ask you not to edit your posts? It makes my work harder. If you want to add a new log, do it in your next post, I don't mind multiple of them if necessary

[janji]

May I ask you not to edit your posts? It makes my work harder. If you want to add a new log, do it in your next post, I don't mind multiple of them if necessary

Sorry Naat, just edited a typo, not going to happen again and thanks for the efford

[Naathim]

Sorry Naat, just edited a typo, not going to happen again and thanks for the efford

Awaiting for MBAM report and we will go from there

[janji]

This is the Malwarebytes scan; the programme didn't asked me to restart the computer, so I didn't, I'm worried anyway that my computer will have problems in restarting, have been just selecting "sleep" these last couple of days.
If you want me to restart though, no problem, I can follow instructions from my mobile phone if it comes to the worst


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11-Aug-14
Scan Time: 1:59:07 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.11.02
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304954
Time Elapsed: 28 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.IWin.A, C:\ProgramData\iWin Games, No Action By User, [48501fa398e38ea895fddcf3c141d729],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\firefox, No Action By User, [48501fa398e38ea895fddcf3c141d729],

Files: 2
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\firefox\chrome.manifest, No Action By User, [48501fa398e38ea895fddcf3c141d729],
PUP.Optional.IWin.A, C:\ProgramData\iWin Games\firefox\iWinArcadeLauncher.exe, No Action By User, [48501fa398e38ea895fddcf3c141d729],

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Naathim]

Hi


Run a command

Run this one please.

• Press the + R on your keyboard at the same time.
• A Run window should appear in the lower left corner.
• Please type in (or paste) the following:
  

  cleanmgr
  

  and press Enter.

Select your system drive (usually C:\)
In the shown window:

• Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
• You can choose to check other boxes if you wish but they are not required.
• Click on OK then Delete Files.

Usually I recommend to reboot machine after this procedure, but please omit this step this time.


Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click there Run ESET Online Scanner.

If using Internet Explorer:

• Accept the Terms of Use and click Start.
• Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

• Download esetsmartinstaller_enu.exe that you'll be given link to.
• Double click esetsmartinstaller_enu.exe.
• Allow the Terms of Use and click Start.

To perform the scan:

• Make sure that Enable detecion of potentially unwanted applications is checked.
• In the Advanced Settings dropdown menu:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Use custom proxy settings is unchecked.
• Click Start
• The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
• When completed, the program will begin to scan. This may take several hours. Please, be patient.
• Do not do anything on your machine as it may interrupt the scan.
• When the scan is done, click Finish.
• A logfile will be created at C:\Program Files\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

• Right-click on icon and select Run as Administrator to start the tool.
• Follow onscreen instructions inside the black box. This scan won't take long.
• Soon a notepad document called checkup.txt will open automaticaly.

Please include the content of that document.